Cross-Site Scripting Vulnerability in Azure Monitor by Microsoft
CVE-2025-55321

9.3CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Monitor
Vendor: CVE Published:; 9 October 2025

What is CVE-2025-55321?

A cross-site scripting vulnerability exists in Azure Monitor that allows an authorized attacker to execute spoofing attacks over a network by improperly neutralizing input during web page generation. This flaw could lead to unauthorized content being presented to users, potentially compromising user information and interactive session security.

Affected Version(s)

Azure Monitor Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Aug 12, 2025

JSON