Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

2025-02-04 05:08
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below:

- CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
- CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
News URL
https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2025-01-29 | CVE-2025-21415 | Authentication Bypass by Spoofing vulnerability in Microsoft Azure AI Face Service. Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | 8.8
2025-01-29 | CVE-2025-21396 | Unspecified vulnerability in Microsoft Account. Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | 8.2