7.8
CVE-2025-49692
- EPSS 0.06%
- Published 09.09.2025 17:01:08
- Last modified 01.10.2025 20:30:30
- Source secure@microsoft.com
- CVE-Watchlists
- Open
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. 
Login
LoginData is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Azure Connected Machine Agent Version < 1.49
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.189 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.