CVE-2025-23374 – Dell Enterprise SONiC Vulnerability
January 30, 2025DanaBot Trojan – Active IOCs
January 30, 2025CVE-2025-23374 – Dell Enterprise SONiC Vulnerability
January 30, 2025DanaBot Trojan – Active IOCs
January 30, 2025Severity
High
Analysis Summary
CVE-2025-21415 CVSS:9.9
Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.
CVE-2025-21396 CVSS:7.5
Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.
Impact
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-21415
CVE-2025-21396
Affected Vendors
- Microsoft
Affected Products
- Microsoft Azure AI Face Service
- Microsoft Account
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.