Microsoft has released a patch to deal with two important evaluation security defects that affect Azure AI Face Service and Microsoft accounts, which allow malicious actors to escalate privileges under specific conditions.
The defects are listed below –
CVE-2025-21396 (CVSS Score: 7.5) -Microsoft account privileged vulnerabilities CVE-2025-21415 (CVSS score: 9.9) -Azure ai face service high privileged vulnerability
“Azure ai face service authentication bypass can enhance privileges on the network,” Microsoft reports an anonymous researcher a defect. I admit what I did.
CVE-2025-21396, on the other hand, is derived from when unaccepted attackers have lost their permission to enhance the privilege on the network. A security researcher who goes to SUGOBET is recognized for discovering it.
It also noted that Tech Giant also recognizes the existence of CVE-2025-21415 concept demonstration (POC) Explit Code and recognizes that both vulnerabilities are completely alleviated. The disadvantage is that there is no need for customer behavior.
This advisory issues CVE for important cloud services vulnerabilities, regardless of whether customers need to install patches or execute other actions to secure themselves. By doing so, it is part of Microsoft’s continuous initiatives to improve transparency.
“As our industry mature and migrated to cloud -based services, we must be transparent on important cyber security vulnerabilities that have been discovered and fixed. Is stated.
“By openly sharing information about the discovered and resolved vulnerability, Microsoft and partners can learn and improve. This collaboration contributes to important infrastructure safety and resilience. “
Source link
