CVE-2025-49752

CRITICAL

Published Nov 20, 2025 Modified Nov 21, 2025 CWE-294

Description

Azure Bastion Elevation of Privilege Vulnerability

CVSS v3.1 Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Weakness Type (CWE)

CWE-294 CWE-294

Affected Products

Vendor	Product	Versions
microsoft	azure_bastion_developer	All

References

Advisories & Patches

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49752

Frequently Asked Questions

What is CVE-2025-49752? +

Azure Bastion Elevation of Privilege Vulnerability It has a CVSS v3.1 base score of 10.0 (CRITICAL).

How severe is CVE-2025-49752? +

CVE-2025-49752 has a CVSS v3.1 score of 10.0 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2025-49752? +

CVE-2025-49752 affects products from microsoft, specifically: azure_bastion_developer. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-49752? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-38284

Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a …

CVE-2025-8616

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process …

CVE-2025-6030

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the …

CVE-2025-6029

Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …

CVE-2025-1887

SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with …

CVE-2023-47435 9.8

An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages.

Quick Facts

CVSS Score: 10.0
Severity: CRITICAL
Published: Nov 20, 2025

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2025-49752.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →