CVE-2025-53781 - Vulnerability Details

Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Azure Azure Virtual Machine Dcadsv5-series Azure Vm Dcadsv5-series Azure Vm Firmware Dcasv5-series Azure Vm Dcasv5-series Azure Vm Firmware Dcedsv5-series Azure Vm Dcedsv5-series Azure Vm Firmware Dcesv5-series Azure Vm Dcesv5-series Azure Vm Firmware Dcesv6-series Azure Vm Dcesv6-series Azure Vm Firmware Ecadsv5-series Azure Vm Ecadsv5-series Azure Vm Firmware Ecasv5-series Azure Vm Ecasv5-series Azure Vm Firmware Ecedsv5-series Azure Vm Ecedsv5-series Azure Vm Firmware Ecesv5-series Azure Vm Ecesv5-series Azure Vm Firmware Ecesv6-series Azure Vm Ecesv6-series Azure Vm Firmware Nccadsh100v5-series Azure Vm Nccadsh100v5-series Azure Vm Firmware Virtual Machine

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Microsoft	Azure Azure Virtual Machine Virtual Machine

Advisories

Source	ID	Title
EUVD	EUVD-2025-24365	Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53781

History

Wed, 10 Sep 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft dcadsv5-series Azure Vm Microsoft dcadsv5-series Azure Vm Firmware Microsoft dcasv5-series Azure Vm Microsoft dcasv5-series Azure Vm Firmware Microsoft dcedsv5-series Azure Vm Microsoft dcedsv5-series Azure Vm Firmware Microsoft dcesv5-series Azure Vm Microsoft dcesv5-series Azure Vm Firmware Microsoft dcesv6-series Azure Vm Microsoft dcesv6-series Azure Vm Firmware Microsoft ecadsv5-series Azure Vm Microsoft ecadsv5-series Azure Vm Firmware Microsoft ecasv5-series Azure Vm Microsoft ecasv5-series Azure Vm Firmware Microsoft ecedsv5-series Azure Vm Microsoft ecedsv5-series Azure Vm Firmware Microsoft ecesv5-series Azure Vm Microsoft ecesv5-series Azure Vm Firmware Microsoft ecesv6-series Azure Vm Microsoft ecesv6-series Azure Vm Firmware Microsoft nccadsh100v5-series Azure Vm Microsoft nccadsh100v5-series Azure Vm Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:microsoft:dcadsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcasv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcedsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcesv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:dcesv6-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecadsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecasv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecedsv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecesv5-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:ecesv6-series_azure_vm:-:::::::* cpe:2.3:h:microsoft:nccadsh100v5-series_azure_vm:-:::::::* cpe:2.3:o:microsoft:dcadsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcasv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcedsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcesv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:dcesv6-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecadsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecasv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecedsv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecesv5-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:ecesv6-series_azure_vm_firmware:-:::::::* cpe:2.3:o:microsoft:nccadsh100v5-series_azure_vm_firmware:-:::::::*
Vendors & Products		Microsoft dcadsv5-series Azure Vm Microsoft dcadsv5-series Azure Vm Firmware Microsoft dcasv5-series Azure Vm Microsoft dcasv5-series Azure Vm Firmware Microsoft dcedsv5-series Azure Vm Microsoft dcedsv5-series Azure Vm Firmware Microsoft dcesv5-series Azure Vm Microsoft dcesv5-series Azure Vm Firmware Microsoft dcesv6-series Azure Vm Microsoft dcesv6-series Azure Vm Firmware Microsoft ecadsv5-series Azure Vm Microsoft ecadsv5-series Azure Vm Firmware Microsoft ecasv5-series Azure Vm Microsoft ecasv5-series Azure Vm Firmware Microsoft ecedsv5-series Azure Vm Microsoft ecedsv5-series Azure Vm Firmware Microsoft ecesv5-series Azure Vm Microsoft ecesv5-series Azure Vm Firmware Microsoft ecesv6-series Azure Vm Microsoft ecesv6-series Azure Vm Firmware Microsoft nccadsh100v5-series Azure Vm Microsoft nccadsh100v5-series Azure Vm Firmware

Thu, 14 Aug 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft azure Microsoft azure Virtual Machine Microsoft virtual Machine
Vendors & Products		Microsoft Microsoft azure Microsoft azure Virtual Machine Microsoft virtual Machine

Tue, 12 Aug 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 12 Aug 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
Title		Azure Virtual Machines Information Disclosure Vulnerability
Weaknesses		CWE-200
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53781
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-08-12T17:09:51.592Z

Updated: 2025-10-30T18:43:07.619Z

Reserved: 2025-07-09T13:25:25.502Z

Link: CVE-2025-53781

Vulnrichment

Updated: 2025-08-12T19:07:31.979Z

NVD

Status : Analyzed

Published: 2025-08-12T18:15:46.473

Modified: 2025-09-10T14:57:05.167

Link: CVE-2025-53781

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-13T21:48:00Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object