Description
Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
Published: 2025-12-09
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in the Azure Monitor Agent that permits an authorized attacker to execute arbitrary code on the host over a network. This flaw is classified as a high‑impact type of buffer overflow (CWE‑131 and CWE‑787), which can compromise confidentiality, integrity, and availability by allowing remote code execution on affected systems.

Affected Systems

Microsoft Azure Monitor Agents are affected. Specific product versions are not listed in the advisory, so all deployments of the Azure Monitor Agent should be investigated for the existence of this flaw until a patch is confirmed to be applied.

Risk and Exploitability

With a CVSS score of 8.8 the vulnerability is considered high severity. The EPSS score is below 1%, indicating a low probability of exploitation at the time of this analysis, and the issue is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is a network attack that requires the attacker to be authenticated or authorized to interact with the Agent; remediation relies on patching or tightening network access to the Agent.

Generated by OpenCVE AI on April 20, 2026 at 15:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch for the Azure Monitor Agent as published by Microsoft; review the update guide linked in the advisory for the exact version that contains the fix.
  • If a patch cannot be applied immediately, limit network reachability to the Azure Monitor Agent by placing it behind a firewall or network segmentation so only trusted, authenticated hosts can communicate with it.
  • Enforce the principle of least privilege for users who are allowed to run commands through the Agent, and disable or revoke any unnecessary remote execution capabilities that might be abused by an attacker.

Generated by OpenCVE AI on April 20, 2026 at 15:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Dec 2025 18:15:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
Title Azure Monitor Agent Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft azure Monitor Agent
Weaknesses CWE-131
CWE-787
CPEs cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Monitor Agent
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Monitor Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-16T14:18:49.736Z

Reserved: 2025-10-15T17:11:21.219Z

Link: CVE-2025-62550

cve-icon Vulnrichment

Updated: 2025-12-09T20:14:21.916Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-09T18:16:00.117

Modified: 2025-12-10T19:23:31.993

Link: CVE-2025-62550

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:00:10Z

Weaknesses