The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for secure administrative access to their cloud infrastructure.
The vulnerability undermines this security model by enabling attackers to gain administrative access through a single network request, potentially compromising all virtual machines accessible through the Bastion host.
According to Zeropath, the vulnerability stems from improper handling of authentication tokens within the Bastion service.
Attackers can intercept and replay valid authentication credentials to bypass security controls and assume administrative privileges.

| Field | Details |
|---|---|
| CVE ID | CVE-2025-49752 |
| Vulnerability Type | Authentication Bypass (CWE-294) |
| CVSS Score | 10.0 (Critical) |
| Affected Product | Microsoft Azure Bastion (all versions prior to Nov 20, 2025) |
| Attack Vector | Network |
| Impact | Remote Privilege Escalation to Administrative Level |

With a CVSS score of 10.0, this vulnerability represents the highest severity classification, indicating it is remotely exploitable, requires no user interaction, and demands no prior authentication.
The critical aspect of CVE-2025-49752 is its network-based exploitability. No physical access, special privileges, or user involvement is necessary for successful exploitation.
An attacker anywhere on the network can compromise the entire Bastion infrastructure and the virtual machines connected to it.
All Azure Bastion deployments before the security update released on November 20, 2025, are vulnerable.
Microsoft has not released specific version numbers, suggesting that the vulnerability affects all configurations using the service.
Zeropath says organizations should quickly check their Azure Bastion setups and make sure all security patches are installed.
This vulnerability adds to a growing list of critical authentication and privilege escalation flaws discovered in Azure services throughout 2025, including CVE-2025-54914 and CVE-2025-29827.
Despite Microsoft’s Secure Future Initiative, aimed at improving security development practices, recurring authentication issues continue to affect Azure infrastructure.
Security teams should prioritize patching this vulnerability immediately and conduct a comprehensive audit of administrative access logs to detect any unauthorized activity.
Organizations should also review network segmentation and access controls surrounding their Azure Bastion deployments.
The post Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges appeared first on Cyber Security News.