Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-21415 CVSS:9.9

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

CVE-2025-21396 CVSS:7.5

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

Impact

Security Bypass
Privilege Escalation

Indicators of Compromise

CVE

CVE-2025-21415
CVE-2025-21396

Affected Vendors

Microsoft

Affected Products

Microsoft Azure AI Face Service
Microsoft Account

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-21415

CVE-2025-21396

CVE-2025-23374 – Dell Enterprise SONiC Vulnerability

DanaBot Trojan – Active IOCs

Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan