CVE-2025-24049

Опубликовано: 11 мар. 2025

Источник: msrc

CVSS3: 8.4

EPSS Низкий

Описание

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker would gain the rights of the user that is running the affected application.

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by passing a specially crafted key-value argument to Azure CLI, injecting arbitrary Python code that modifies runtime behavior.

Обновления

Продукт	Статья	Обновление
Azure CLI	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 33%

0.00129

Низкий

8.4 High

CVSS3

Связанные уязвимости

CVE-2025-24049

CVSS3: 8.4

nvd

6 месяцев назад

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

SUSE-SU-2025:1182-1

suse-cvrf

5 месяцев назад

Security update for azure-cli-core

SUSE-SU-2025:1019-1

suse-cvrf

5 месяцев назад

Security update for azure-cli-core

GHSA-qjf4-cfqr-rj5j

CVSS3: 8.4

github

6 месяцев назад

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

BDU:2025-02634

CVSS3: 8.4

fstec

6 месяцев назад

Уязвимость интерфейса командной строки (CLI) платформы Microsoft Azure, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 33%

0.00129

Низкий

8.4 High

CVSS3