A vital vulnerability in Azure Bastion (CVE-2025-49752) permits distant attackers to bypass authentication mechanisms and escalate privileges to administrative ranges.
The flaw, categorized as an authentication bypass vulnerability, poses an instantaneous danger to organizations that depend on Azure Bastion for safe administrative entry to their cloud infrastructure.
Attackers Can Escalate Privileges With out Person Interplay
The vulnerability undermines this safety mannequin by enabling attackers to achieve administrative entry by means of a single community request, doubtlessly compromising all digital machines accessible by means of the Bastion host.
In accordance with zeropath, the vulnerability stems from improper dealing with of authentication tokens throughout the Bastion service.
Attackers can intercept and replay legitimate authentication credentials to bypass safety controls and assume administrative privileges.
FieldDetailsCVE IDCVE-2025-49752Vulnerability TypeAuthentication Bypass (CWE-294)CVSS Score10.0 (Vital)Affected ProductMicrosoft Azure Bastion (all variations previous to Nov 20, 2025)Assault VectorNetworkImpactRemote Privilege Escalation to Administrative Stage
With a CVSS rating of 10.0, this vulnerability represents the very best severity classification, indicating it’s remotely exploitable, requires no person interplay, and calls for no prior authentication.
The vital side of CVE-2025-49752 is its network-based exploitability. No bodily entry, particular privileges, or person involvement is critical for profitable exploitation.
An attacker anyplace on the community can compromise the whole Bastion infrastructure and the digital machines linked to it.
All Azure Bastion deployments earlier than the safety replace launched on November 20, 2025, are weak.
Microsoft has not launched particular model numbers, suggesting that the vulnerability impacts all configurations utilizing the service.
Zeropath says organizations ought to rapidly verify their Azure Bastion setups and ensure all safety patches are put in.
This vulnerability provides to a rising checklist of vital authentication and privilege escalation flaws found in Azure providers all through 2025, together with CVE-2025-54914 and CVE-2025-29827.
Regardless of Microsoft’s Safe Future Initiative, geared toward bettering safety improvement practices, recurring authentication points proceed to have an effect on Azure infrastructure.
Zeropath Safety groups ought to prioritize patching this vulnerability instantly and conduct a complete audit of administrative entry logs to detect any unauthorized exercise.
Organizations also needs to assessment community segmentation and entry controls surrounding their Azure Bastion deployments.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.
