Security News > 2025 > February > Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
2025-02-04 05:08
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
News URL
https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html
Related news
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-29 | CVE-2025-21415 | Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 9.9 |
2025-01-29 | CVE-2025-21396 | Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | 7.5 |