PT-2025-47641 · Microsoft · Azure Bastion
Published 2025-11-20 · Updated 2025-11-28 · CVE-2025-49752
CVSS v3.1: 10 (Critical) | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Azure Bastion versions prior to November 20, 2025
Description
A critical elevation of privilege flaw affects Azure Bastion. If the system is unpatched, attackers can potentially gain higher permissions through capture-replay attacks. This allows for authentication bypass.
Recommendations
Restrict access to Azure Bastion.
Monitor logs for suspicious activity.
Enable Multi-Factor Authentication (MFA).
Update Azure Bastion to the version released on November 20, 2025.
Fix
LPE
Weakness Enumeration
Related Identifiers
Affected Products
Azure Bastion