Azure Command Line Interface

azure_command-line_interface

Vendor: Microsoft • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-24049 1Microsoft 1Azure Command Line Interface Jul 2, 2025 Mar 11, 2025 N/A· v4 8.4 HIGH· v3 N/A· v2 Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.
CVE-2024-43591 1Microsoft 2Azure Command Line Interface Azure Service Connector Jul 2, 2025 Oct 8, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
CVE-2023-36052 1Microsoft 1Azure Command Line Interface Jul 2, 2025 Nov 14, 2023 N/A· v4 8.6 HIGH· v3 N/A· v2 Azure CLI REST Command Information Disclosure Vulnerability
CVE-2022-39327 1Microsoft 1Azure Command Line Interface Nov 21, 2024 Oct 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure C...Show more Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `\|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.Show less