CVE-2025-49707

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-49707
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

7.9 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-08-12 18:15

Updated : 2025-08-20 20:55

NVD link : CVE-2025-49707

Mitre link : CVE-2025-49707

CVE.ORG link : CVE-2025-49707

JSON object : View

Products Affected

microsoft

  • dcadsv5-series_azure_vm_firmware
  • nccadsh100v5-series_azure_vm
  • dcesv5-series_azure_vm
  • ecedsv5-series_azure_vm
  • ecesv5-series_azure_vm
  • ecasv5-series_azure_vm
  • nccadsh100v5-series_azure_vm_firmware
  • ecasv5-series_azure_vm_firmware
  • dcesv6-series_azure_vm
  • dcedsv5-series_azure_vm
  • ecedsv5-series_azure_vm_firmware
  • dcedsv5-series_azure_vm_firmware
  • ecesv5-series_azure_vm_firmware
  • ecesv6-series_azure_vm_firmware
  • ecadsv5-series_azure_vm_firmware
  • ecesv6-series_azure_vm
  • dcasv5-series_azure_vm
  • dcasv5-series_azure_vm_firmware
  • ecadsv5-series_azure_vm
  • dcadsv5-series_azure_vm
  • dcesv6-series_azure_vm_firmware
  • dcesv5-series_azure_vm_firmware
CWE
CWE-284

Improper Access Control

NVD-CWE-Other