CVE-2025-24049

Опубликовано: 11 мар. 2025

Источник: msrc

CVSS3: 8.4

EPSS Низкий

Описание

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker would gain the rights of the user that is running the affected application.

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by passing a specially crafted key-value argument to Azure CLI, injecting arbitrary Python code that modifies runtime behavior.

Обновления

Продукт	Статья	Обновление
Azure CLI	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 44%

0.00213

Низкий

8.4 High

CVSS3

Связанные уязвимости

CVE-2025-24049

CVSS3: 8.4

nvd

11 месяцев назад

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

SUSE-SU-2026:0273-1

suse-cvrf

15 дней назад

Security update for azure-cli-core

SUSE-SU-2025:1182-1

suse-cvrf

10 месяцев назад

Security update for azure-cli-core

SUSE-SU-2025:1019-1

suse-cvrf

11 месяцев назад

Security update for azure-cli-core

GHSA-qjf4-cfqr-rj5j

CVSS3: 8.4

github

11 месяцев назад

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

EPSS

Процентиль: 44%

0.00213

Низкий

8.4 High

CVSS3