Azure Front Door includes an elevation of privilege flaw that permits an attacker to acquire higher-than‑intended access to the service. The weakness arises from improper access control within the Azure Front Door management interface, allowing operations that modify routing rules, security policies, or other configuration settings. If successful, an attacker could compromise confidentiality by redirecting traffic, alter integrity by injecting malicious payloads or creating unauthorized endpoints, and disrupt availability by misconfiguring health probes or rate limiting. The threat is classified under CWE‑284, which denotes authorization weaknesses. Based on the description, the attack may require legitimate credentials that have been granted higher privileges than intended or exploited through an existing misconfiguration.

The vulnerability affects Microsoft Azure Front Door, a cloud‑based load‑balancing and routing service. No specific versions are listed; Microsoft’s advisory does not enumerate affected releases.

The CVSS score of 9.8 indicates a critical severity. The EPSS score of less than 1% suggests a very low, but non‑zero likelihood of exploitation in the wild. The vulnerability is not yet listed in the CISA Known Exploited Vulnerabilities catalog. Attackers would almost certainly approach the flaw remotely through web or API requests to Azure Front Door’s management endpoints, possibly leveraging compromised credentials or misconfigured roles. Successful exploitation would grant escalated privileges within the service, enabling a range of disruptive or data‑exfiltrative actions.