Описание (на английском; русское — в БДУ выше)
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
Затрагиваемое ПО
Microsoft Ecesv6-series azure vm firmwareMicrosoft Ecesv6-series azure vmMicrosoft Dcesv6-series azure vm firmwareMicrosoft Dcesv6-series azure vmMicrosoft Nccadsh100v5-series azure vm firmwareMicrosoft Nccadsh100v5-series azure vmMicrosoft Ecedsv5-series azure vm firmwareMicrosoft Ecedsv5-series azure vmMicrosoft Ecesv5-series azure vm firmwareMicrosoft Ecesv5-series azure vmMicrosoft Dcedsv5-series azure vm firmwareMicrosoft Dcedsv5-series azure vmMicrosoft Dcesv5-series azure vm firmwareMicrosoft Dcesv5-series azure vmMicrosoft Ecadsv5-series azure vm firmwareMicrosoft Ecadsv5-series azure vmMicrosoft Ecasv5-series azure vm firmwareMicrosoft Ecasv5-series azure vmMicrosoft Dcadsv5-series azure vm firmwareMicrosoft Dcadsv5-series azure vmMicrosoft Dcasv5-series azure vm firmwareMicrosoft Dcasv5-series azure vm
CVSS
| Балл | 7.9 — высокая |
| Вектор | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
Источники
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707