PT-2025-41994 · Microsoft · Azure Connected Machine Agent
Published
2025-10-14
·
Updated
2025-10-15
·
CVE-2025-47989
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Azure Connected Machine Agent (affected versions not specified)
Description
An improper access control issue exists in the Azure Connected Machine Agent. An attacker with local access can elevate privileges. This could lead to gaining administrative or SYSTEM-level control of the affected system.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Azure Connected Machine Agent