CVE-2025-29827 Azure Automation Elevation of Privilege Vulnerability
Published May 8, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
Microsoft Security Response Center Blog Alerts
CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability
Published May 8, 2025
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
CVE-2025-33072 Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
Published May 8, 2025
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
CVE-2025-21416 Azure Virtual Desktop Elevation of Privilege Vulnerability
Published April 30, 2025
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
CVE-2025-30392 Azure AI bot Elevation of Privilege Vulnerability
Published April 30, 2025
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-30390 Azure ML Compute Elevation of Privilege Vulnerability
Published April 30, 2025
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
CVE-2025-33074 Azure Functions Remote Code Execution Vulnerability
Published April 30, 2025
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability
Published April 30, 2025
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-30391 Microsoft Dynamics Information Disclosure Vulnerability
Published April 30, 2025
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
Chromium: CVE-2025-3619 Heap buffer overflow in Codecs
Published April 17, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
