CVE-2025-49707 - Vulnerability Details

- Azure Virtual Machines Spoofing Vulnerability

Description

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

Published: 2025-08-12

Score: 7.9 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Microsoft

DCadsv5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

DCasv5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

DCedsv5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

DCesv5-series - Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

DCesv6-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

ECadsv5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

ECasv5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

ECedsv5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

ECesv5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

Ecesv6-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Microsoft

NCCadsH100v5-series Azure VM

affected

Version	Status	Constraints
`-`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Microsoft	Azure	—	—
Microsoft	Azure Virtual Machine	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-24276	Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00094.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707

History

Fri, 13 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft dcadsv5 Series Azure Vm Microsoft dcasv5 Series Azure Vm Microsoft dcedsv5 Series Azure Vm Microsoft dcesv5 Series Azure Vm Microsoft ecadsv5 Series Azure Vm Microsoft ecasv5 Series Azure Vm Microsoft ecedsv5 Series Azure Vm Microsoft ecesv5 Series Azure Vm Microsoft nccadsh100v5 Series Azure Vm
CPEs		cpe:2.3:a:microsoft:DCadsv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:DCasv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:DCedsv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:DCesv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:ECadsv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:ECasv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:ECedsv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:ECesv5_series_Azure_VM:::::::: cpe:2.3:a:microsoft:NCCadsH100v5_series_Azure_VM::::::::
Vendors & Products		Microsoft dcadsv5 Series Azure Vm Microsoft dcasv5 Series Azure Vm Microsoft dcedsv5 Series Azure Vm Microsoft dcesv5 Series Azure Vm Microsoft ecadsv5 Series Azure Vm Microsoft ecasv5 Series Azure Vm Microsoft ecedsv5 Series Azure Vm Microsoft ecesv5 Series Azure Vm Microsoft nccadsh100v5 Series Azure Vm

Wed, 20 Aug 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft dcadsv5-series Azure Vm Microsoft dcadsv5-series Azure Vm Firmware Microsoft dcasv5-series Azure Vm Microsoft dcasv5-series Azure Vm Firmware Microsoft dcedsv5-series Azure Vm Microsoft dcedsv5-series Azure Vm Firmware Microsoft dcesv5-series Azure Vm Microsoft dcesv5-series Azure Vm Firmware Microsoft dcesv6-series Azure Vm Microsoft dcesv6-series Azure Vm Firmware Microsoft ecadsv5-series Azure Vm Microsoft ecadsv5-series Azure Vm Firmware Microsoft ecasv5-series Azure Vm Microsoft ecasv5-series Azure Vm Firmware Microsoft ecedsv5-series Azure Vm Microsoft ecedsv5-series Azure Vm Firmware Microsoft ecesv5-series Azure Vm Microsoft ecesv5-series Azure Vm Firmware Microsoft ecesv6-series Azure Vm Microsoft ecesv6-series Azure Vm Firmware Microsoft nccadsh100v5-series Azure Vm Microsoft nccadsh100v5-series Azure Vm Firmware
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:::::::* cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:::::::*
Vendors & Products		Microsoft dcadsv5-series Azure Vm Microsoft dcadsv5-series Azure Vm Firmware Microsoft dcasv5-series Azure Vm Microsoft dcasv5-series Azure Vm Firmware Microsoft dcedsv5-series Azure Vm Microsoft dcedsv5-series Azure Vm Firmware Microsoft dcesv5-series Azure Vm Microsoft dcesv5-series Azure Vm Firmware Microsoft dcesv6-series Azure Vm Microsoft dcesv6-series Azure Vm Firmware Microsoft ecadsv5-series Azure Vm Microsoft ecadsv5-series Azure Vm Firmware Microsoft ecasv5-series Azure Vm Microsoft ecasv5-series Azure Vm Firmware Microsoft ecedsv5-series Azure Vm Microsoft ecedsv5-series Azure Vm Firmware Microsoft ecesv5-series Azure Vm Microsoft ecesv5-series Azure Vm Firmware Microsoft ecesv6-series Azure Vm Microsoft ecesv6-series Azure Vm Firmware Microsoft nccadsh100v5-series Azure Vm Microsoft nccadsh100v5-series Azure Vm Firmware

Thu, 14 Aug 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft azure Microsoft azure Virtual Machine
Vendors & Products		Microsoft Microsoft azure Microsoft azure Virtual Machine

Tue, 12 Aug 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 12 Aug 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
Title		Azure Virtual Machines Spoofing Vulnerability
Weaknesses		CWE-284
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707
Metrics		cvssV3_1 `{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C'}`

Subscriptions

Microsoft Dcadsv5 Series Azure Vm Dcasv5 Series Azure Vm Dcedsv5 Series Azure Vm Dcesv5 Series Azure Vm Ecadsv5 Series Azure Vm Ecasv5 Series Azure Vm Ecedsv5 Series Azure Vm Ecesv5 Series Azure Vm Nccadsh100v5 Series Azure Vm Azure Azure Virtual Machine Dcadsv5-series Azure Vm Dcadsv5-series Azure Vm Firmware Dcasv5-series Azure Vm Dcasv5-series Azure Vm Firmware Dcedsv5-series Azure Vm Dcedsv5-series Azure Vm Firmware Dcesv5-series Azure Vm Dcesv5-series Azure Vm Firmware Dcesv6-series Azure Vm Dcesv6-series Azure Vm Firmware Ecadsv5-series Azure Vm Ecadsv5-series Azure Vm Firmware Ecasv5-series Azure Vm Ecasv5-series Azure Vm Firmware Ecedsv5-series Azure Vm Ecedsv5-series Azure Vm Firmware Ecesv5-series Azure Vm Ecesv5-series Azure Vm Firmware Ecesv6-series Azure Vm Ecesv6-series Azure Vm Firmware Nccadsh100v5-series Azure Vm Nccadsh100v5-series Azure Vm Firmware

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-08-12T17:10:47.689Z

Updated: 2026-02-26T17:49:03.728Z

Reserved: 2025-06-09T19:59:44.875Z

Link: CVE-2025-49707

Vulnrichment

Updated: 2025-08-12T20:14:26.537Z

NVD

Status : Analyzed

Published: 2025-08-12T18:15:29.977

Modified: 2025-08-20T20:55:51.070

Link: CVE-2025-49707

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-13T21:48:05Z

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object