Severity
High
Analysis Summary
CVE-2025-59292 CVSS:7.1
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CVE-2025-59218 CVSS:8.3
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59246 CVSS:8.5
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-55321 CVSS:7.6
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.
CVE-2025-59247 CVSS:7.7
Azure PlayFab Elevation of Privilege Vulnerability
CVE-2025-59291 CVSS:7.1
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CVE-2025-59272 CVSS:5.7
Copilot Spoofing Vulnerability
CVE-2025-59286 CVSS:6.5
Copilot Spoofing Vulnerability
CVE-2025-59252 CVSS:6.5
M365 Copilot Spoofing Vulnerability
Impact
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2025-59292
- CVE-2025-59218
- CVE-2025-59246
- CVE-2025-55321
- CVE-2025-59247
- CVE-2025-59291
- CVE-2025-59272
- CVE-2025-59286
- CVE-2025-59252
Affected Vendors
- Microsoft
Affected Products
- Microsoft 365 Copilot Business Chat
- Microsoft Azure Compute Gallery
- Microsoft Entra ID
- Microsoft Azure Monitor
- Microsoft Azure PlayFab
- Microsoft 365 Word Copilot
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.