QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-49707

Back to search

CVE-2025-49707

Published: Aug 12, 2025

Modified: Feb 26, 2026

PUBLISHED

CVSS v3.1

7.9

HIGH

Description

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

VendorProductVersions

Microsoft

DCadsv5-series Azure VM

affected
-

Microsoft

DCasv5-series Azure VM

affected
-

Microsoft

DCedsv5-series Azure VM

affected
-

Microsoft

DCesv5-series - Azure VM

affected
-

Microsoft

DCesv6-series Azure VM

affected
-

Microsoft

ECadsv5-series Azure VM

affected
-

Microsoft

ECasv5-series Azure VM

affected
-

Microsoft

ECedsv5-series Azure VM

affected
-

Microsoft

ECesv5-series Azure VM

affected
-

Microsoft

Ecesv6-series Azure VM

affected
-

Microsoft

NCCadsH100v5-series Azure VM

affected
-

Weaknesses (CWE)

CWE-284

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now