CVE-2025-47988

CWE-94Code Injection4 documents4 sources
Severity
7.5HIGH
EPSS
0.2%
top 54.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Azure MonitorMicrosoft Azure Monitor Agent
Timeline
PublishedJul 8

Description

Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft/azure_monitor1.0.01.35.1

🔴Vulnerability Details

2
CVEList
Azure Monitor Agent Remote Code Execution Vulnerability2025-07-08
GHSA
GHSA-fvm8-p9v4-fpvh: Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent netw2025-07-08

📋Vendor Advisories

1
Microsoft
Azure Monitor Agent Remote Code Execution Vulnerability2025-07-08
CVE-2025-47988 (HIGH CVSS 7.5) | Improper control of generation of c | cvebase.io