CVE-2025-49707 - Vulnerability Details

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Azure Azure Virtual Machine Dcadsv5-series Azure Vm Dcadsv5-series Azure Vm Firmware Dcasv5-series Azure Vm Dcasv5-series Azure Vm Firmware Dcedsv5-series Azure Vm Dcedsv5-series Azure Vm Firmware Dcesv5-series Azure Vm Dcesv5-series Azure Vm Firmware Dcesv6-series Azure Vm Dcesv6-series Azure Vm Firmware Ecadsv5-series Azure Vm Ecadsv5-series Azure Vm Firmware Ecasv5-series Azure Vm Ecasv5-series Azure Vm Firmware Ecedsv5-series Azure Vm Ecedsv5-series Azure Vm Firmware Ecesv5-series Azure Vm Ecesv5-series Azure Vm Firmware Ecesv6-series Azure Vm Ecesv6-series Azure Vm Firmware Nccadsh100v5-series Azure Vm Nccadsh100v5-series Azure Vm Firmware

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707

History

Wed, 20 Aug 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft dcadsv5-series Azure Vm Microsoft dcadsv5-series Azure Vm Firmware Microsoft dcasv5-series Azure Vm Microsoft dcasv5-series Azure Vm Firmware Microsoft dcedsv5-series Azure Vm Microsoft dcedsv5-series Azure Vm Firmware Microsoft dcesv5-series Azure Vm Microsoft dcesv5-series Azure Vm Firmware Microsoft dcesv6-series Azure Vm Microsoft dcesv6-series Azure Vm Firmware Microsoft ecadsv5-series Azure Vm Microsoft ecadsv5-series Azure Vm Firmware Microsoft ecasv5-series Azure Vm Microsoft ecasv5-series Azure Vm Firmware Microsoft ecedsv5-series Azure Vm Microsoft ecedsv5-series Azure Vm Firmware Microsoft ecesv5-series Azure Vm Microsoft ecesv5-series Azure Vm Firmware Microsoft ecesv6-series Azure Vm Microsoft ecesv6-series Azure Vm Firmware Microsoft nccadsh100v5-series Azure Vm Microsoft nccadsh100v5-series Azure Vm Firmware
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:::::::* cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:::::::*
Vendors & Products		Microsoft dcadsv5-series Azure Vm Microsoft dcadsv5-series Azure Vm Firmware Microsoft dcasv5-series Azure Vm Microsoft dcasv5-series Azure Vm Firmware Microsoft dcedsv5-series Azure Vm Microsoft dcedsv5-series Azure Vm Firmware Microsoft dcesv5-series Azure Vm Microsoft dcesv5-series Azure Vm Firmware Microsoft dcesv6-series Azure Vm Microsoft dcesv6-series Azure Vm Firmware Microsoft ecadsv5-series Azure Vm Microsoft ecadsv5-series Azure Vm Firmware Microsoft ecasv5-series Azure Vm Microsoft ecasv5-series Azure Vm Firmware Microsoft ecedsv5-series Azure Vm Microsoft ecedsv5-series Azure Vm Firmware Microsoft ecesv5-series Azure Vm Microsoft ecesv5-series Azure Vm Firmware Microsoft ecesv6-series Azure Vm Microsoft ecesv6-series Azure Vm Firmware Microsoft nccadsh100v5-series Azure Vm Microsoft nccadsh100v5-series Azure Vm Firmware

Thu, 14 Aug 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft azure Microsoft azure Virtual Machine
Vendors & Products		Microsoft Microsoft azure Microsoft azure Virtual Machine

Tue, 12 Aug 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 12 Aug 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
Title		Azure Virtual Machines Spoofing Vulnerability
Weaknesses		CWE-284
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707
Metrics		cvssV3_1 `{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-08-12T17:10:47.689Z

Updated: 2025-08-15T20:33:15.794Z

Reserved: 2025-06-09T19:59:44.875Z

Link: CVE-2025-49707

Vulnrichment

Updated: 2025-08-12T20:14:26.537Z

NVD

Status : Analyzed

Published: 2025-08-12T18:15:29.977

Modified: 2025-08-20T20:55:51.070

Link: CVE-2025-49707

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object