CVE-2025-47989
📊 7.0 HIGH⚡ 0.0%🎯 0 exploits
📅 Published Oct 14, 2025
📋 Status: Analyzed
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | microsoft | azure connected machine agent | < 1.57 | Vulnerable | cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: < 1.57
CPE:
cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
LOCAL
Complexity:
HIGH
Privileges:
LOW
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
7.0 (HIGH)v3.1
Source: [email protected]
EPSS Details
0.0% (Minimal)12.4th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date
Oct 14, 2025 (19 days ago)
Last Modified
Oct 20, 2025 (13 days ago)
Security Weaknesses1
CWE-284
References2
NVDadvisory