CVE-2025-49752, disclosed on November 20, 2025, poses a significant security risk to enterprises that rely on Azure Bastion for centralized RDP and SSH connectivity management.
The vulnerability exploits a fundamental flaw in Azure Bastion’s authentication mechanisms, classified as CWE-294 (Authentication Bypass by Capture-replay).
Attackers can intercept and replay valid authentication tokens to gain unauthorized administrative access to all virtual machines connected through the affected Bastion host.
The attack requires only a single network request and operates without user interaction, making it trivially exploitable for even moderately skilled threat actors.
With a maximum CVSS score of 10.0, CVE-2025-49752 ranks among the most dangerous cloud vulnerabilities discovered this year.
Remote exploitation requires no prior authentication or special privileges, meaning any internet-connected attacker can potentially compromise connected infrastructure.
Organizations running Azure Bastion deployments are urged to apply security updates immediately.
Microsoft has not published specific version numbers affected by this vulnerability, meaning all Azure Bastion deployments before the November 20, 2025, security patch are potentially vulnerable.
Any configuration that uses Azure Bastion for RDP or SSH access creates an attack surface for privilege escalation attempts.
This marks the third critical privilege escalation vulnerability in Microsoft Azure services discovered in 2025, following CVE-2025-54914 (Azure Networking, CVSS 10.0) and CVE-2025-29827 (Azure Automation, CVSS 9.9).
The pattern suggests systematic weaknesses in Azure’s authentication framework despite Microsoft’s Secure Future Initiative aimed at improving security development practices.
Organizations should prioritize applying the November 20, 2025, security patch to all Azure Bastion deployments.
Until patching is complete, administrators should implement network segmentation to limit exposure and monitor Bastion access logs for suspicious authentication attempts or unusual token replay activity.
| CVE ID | CVSS | Attack Vector | Complexity | Authentication Required |
|---|---|---|---|---|
| CVE-2025-49752 | 10.0 | Network | Low | None |
| CWE Classification | CWE-294 | Affected Component | Azure Bastion | Publication Date |
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
The post Attackers Bypass Authentication and Escalate Privileges via Critical Azure Bastion Vulnerability appeared first on Cyber Security News.
According to Reuters, Meta is looking to offset spending on AI and data centers with…
Hulu has decided to scrap Buffy the Vampire Slayer: New Sunnydale, its planned continuation series…
Jostling a folded piece of paper, holding it marooned in the air, selectman Beth Blair…
Boscawen voters cruised through a speedy town meeting Friday night, one with so little controversy…
Happy Saturday, all! This week, we found a number of deals that should help you…
Though it was weird to see the Golden Globes partner with Polymarket for its most…
This website uses cookies.