CVE-2025-49707

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-49707
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

7.9 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:*:*:*:*:*:*:*
History

20 Aug 2025, 20:55

Type Values Removed Values Added
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707 - Vendor Advisory
First Time Microsoft dcedsv5-series Azure Vm Firmware
Microsoft dcesv6-series Azure Vm
Microsoft nccadsh100v5-series Azure Vm
Microsoft ecedsv5-series Azure Vm
Microsoft dcadsv5-series Azure Vm
Microsoft ecesv6-series Azure Vm Firmware
Microsoft ecadsv5-series Azure Vm Firmware
Microsoft dcadsv5-series Azure Vm Firmware
Microsoft
Microsoft dcasv5-series Azure Vm Firmware
Microsoft ecesv5-series Azure Vm
Microsoft dcasv5-series Azure Vm
Microsoft dcesv6-series Azure Vm Firmware
Microsoft ecedsv5-series Azure Vm Firmware
Microsoft ecesv5-series Azure Vm Firmware
Microsoft dcedsv5-series Azure Vm
Microsoft ecesv6-series Azure Vm
Microsoft ecasv5-series Azure Vm
Microsoft ecasv5-series Azure Vm Firmware
Microsoft dcesv5-series Azure Vm
Microsoft dcesv5-series Azure Vm Firmware
Microsoft ecadsv5-series Azure Vm
Microsoft nccadsh100v5-series Azure Vm Firmware
CWE NVD-CWE-Other
CPE cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

13 Aug 2025, 17:34

Type Values Removed Values Added
Summary
  • (es) El control de acceso inadecuado en Azure Virtual Machines permite que un atacante autorizado realice suplantación de identidad localmente.

12 Aug 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-12 18:15

Updated : 2025-08-20 20:55

NVD link : CVE-2025-49707

Mitre link : CVE-2025-49707

CVE.ORG link : CVE-2025-49707

JSON object : View

Products Affected

microsoft

  • dcedsv5-series_azure_vm
  • ecesv6-series_azure_vm
  • ecesv5-series_azure_vm
  • dcedsv5-series_azure_vm_firmware
  • ecadsv5-series_azure_vm_firmware
  • ecadsv5-series_azure_vm
  • dcesv6-series_azure_vm_firmware
  • ecasv5-series_azure_vm_firmware
  • dcadsv5-series_azure_vm_firmware
  • dcadsv5-series_azure_vm
  • dcasv5-series_azure_vm
  • ecesv5-series_azure_vm_firmware
  • ecesv6-series_azure_vm_firmware
  • ecedsv5-series_azure_vm_firmware
  • ecasv5-series_azure_vm
  • dcasv5-series_azure_vm_firmware
  • nccadsh100v5-series_azure_vm
  • nccadsh100v5-series_azure_vm_firmware
  • dcesv5-series_azure_vm
  • dcesv6-series_azure_vm
  • ecedsv5-series_azure_vm
  • dcesv5-series_azure_vm_firmware
CWE
CWE-284

Improper Access Control

NVD-CWE-Other