CVE-2025-49707

nvd nist

Published: Aug 12, 2025Modified: Aug 20, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

Affected (11)

Products: Microsoft: Ecesv6 Series Azure Vm Firmware, Dcesv6 Series Azure Vm Firmware, Nccadsh100v5 Series Azure Vm Firmware, Ecedsv5 Series Azure Vm Firmware, Ecesv5 Series Azure Vm Firmware, Dcedsv5 Series Azure Vm Firmware, Dcesv5 Series Azure Vm Firmware, Ecadsv5 Series Azure Vm Firmware, Ecasv5 Series Azure Vm Firmware, Dcadsv5 Series Azure Vm Firmware, Dcasv5 Series Azure Vm Firmware

Microsoft

11 products

Ecesv6 Series Azure Vm Firmware

Dcesv6 Series Azure Vm Firmware

Nccadsh100v5 Series Azure Vm Firmware

Ecedsv5 Series Azure Vm Firmware

Ecesv5 Series Azure Vm Firmware

Dcedsv5 Series Azure Vm Firmware

Dcesv5 Series Azure Vm Firmware

Ecadsv5 Series Azure Vm Firmware

Ecasv5 Series Azure Vm Firmware

Dcadsv5 Series Azure Vm Firmware

Dcasv5 Series Azure Vm Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Ecesv6 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Ecesv6 Series Azure Vm	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Dcesv6 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Dcesv6 Series Azure Vm	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Nccadsh100v5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Nccadsh100v5 Series Azure Vm	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Ecedsv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Ecedsv5 Series Azure Vm	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Ecesv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Ecesv5 Series Azure Vm	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Dcedsv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Dcedsv5 Series Azure Vm	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Dcesv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Dcesv5 Series Azure Vm	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Ecadsv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Ecadsv5 Series Azure Vm	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Ecasv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Ecasv5 Series Azure Vm	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Dcadsv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Dcadsv5 Series Azure Vm	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Dcasv5 Series Azure Vm Firmware	All versions

Running on/with	Platform Versions
Microsoft Dcasv5 Series Azure Vm	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.