Improper Access Control in Azure Notification Service by Microsoft
CVE-2025-59500

7.7HIGH

Key Information:

Vendor: Microsoft
Status: Azure Notification Service
Vendor: CVE Published:; 23 October 2025

What is CVE-2025-59500?

The Azure Notification Service is susceptible to an improper access control vulnerability that can be exploited by an authorized attacker to elevate privileges within the network. This situation potentially allows unauthorized access to critical system functions. Organizations utilizing this service should review their configurations and implement appropriate security measures to safeguard against such risks.

Affected Version(s)

Azure Notification Service Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2025
Vulnerability Reserved
Sep 17, 2025

JSON