CVE-2025-27489

Summary

Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftAzure Stack HCI OS10.0.25398.0 < 10.0.25398.1486affected
MicrosoftAzure Stack OS HCI10.0.20349.0 < 10.0.20348.3328affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References