Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

2025-02-04 05:08
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below:
- CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
- CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
News URL
https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-29 | CVE-2025-21415 | Authentication Bypass by Spoofing vulnerability in Microsoft Azure AI Face Service. Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 8.8 |
2025-01-29 | CVE-2025-21396 | Unspecified vulnerability in Microsoft Account. Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | 8.2 |