Microsoft disclosed a important authentication bypass vulnerability in Azure Bastion, its managed distant entry service, enabling attackers to escalate privileges to administrative ranges with a single community request.
The vulnerability, designated CVE-2025-49752, impacts all Azure Bastion deployments and obtained an emergency safety patch on November 20, 2025.
| Attribute | Particulars |
|---|---|
| CVE ID | CVE-2025-49752 |
| Vulnerability Kind | Authentication Bypass / Elevation of Privilege |
| CWE Classification | CWE-294 (Authentication Bypass by Seize-Replay) |
| CVSS Rating | 10.0 (Crucial) |
| Assault Vector | Community |
The vulnerability undermines these protections by permitting distant privilege escalation with out prior authentication or person interplay.
Technical Particulars and Exploitation Danger
CVE-2025-49752 exploits authentication capture-replay strategies, a well-established assault sample the place legitimate credentials or authentication tokens are intercepted and replayed to realize unauthorized entry.
The vulnerability achieves a most CVSS rating of 10.0, indicating it may be exploited remotely over the community from any location with out requiring particular privileges or person help.
The important nature of this vulnerability stems from its network-accessible exploitation pathway.
An attacker can bypass Azure Bastion’s authentication mechanisms solely and assume administrative privileges, probably accessing all digital machines reachable by the compromised Bastion host.
This represents an entire compromise of the Bastion service’s safety structure.
Microsoft has not disclosed detailed technical specs, proof-of-concept code, or assault strategies as of November 20, 2025.
Safety researchers haven’t documented energetic exploitation in manufacturing environments, although this doesn’t diminish the urgency of patching affected techniques.
All organizations utilizing Azure Bastion ought to apply Microsoft’s safety replace immediately. The patch was launched on November 20, 2025, and deployment must be prioritized as a important safety incident.
System directors ought to confirm that each one Azure Bastion situations have obtained the replace and monitor logs for suspicious authentication makes an attempt or uncommon administrative entry patterns.
Contemplate implementing further community segmentation and entry controls whereas deployments are being patched.
Organizations must also audit latest administrative entry logs to find out if the vulnerability was exploited earlier than patches have been utilized.
If unauthorized entry is detected, rapid incident response procedures must be initiated.
Observe us on Google Information, LinkedIn, and X to Get Prompt Updates and set GBH as a Most popular Supply in Google.
