CVE-2025-53765
Published 2025-08-12
CVE-2025-53765: Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.
Priority: P429 · medium · 5.5 (CVSS 3.1)
AV:L AC:L PR:L UI:N S:U C:H I:N A:N
EPSS: 0.46% (36.4th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_app_service_on_azure_stack | < 102.10.2.11 | 102.10.2.11 |
| microsoft | azure_stack_hub | >= 1.0.0 < 102.10.2.11 | 102.10.2.11 |
| msrc | azure_stack_hub | — | — |
CVSS provenance
nvd · v3.1 · 5.5 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc · 4.4 · MEDIUM
Microsoft
Azure Stack Hub Information Disclosure Vulnerability
vendor_msrc·2025-08-12·CVSS 4.4
CVE-2025-53765 [MEDIUM] CWE-359 Azure Stack Hub Information Disclosure Vulnerability
Description: Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
This vulnerability could disclose administrator account passwords in the logs.
Azure Stack: Azure Stack
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Unlikely
Remediation: Release Notes
Reference: https://aka.ms/appsvcupdate25R1installer
Reference: https://learn.microsoft.com/en-us/azure-stack/operator/app-service-release-notes-2025r1?view=azs-2501&tabs=EntraID
GHSA
GHSA-mm9r-mqf2-8fj4: Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally
ghsa_unreviewed·2025-08-12
CVE-2025-53765 [MEDIUM] CWE-359 GHSA-mm9r-mqf2-8fj4: Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally
No detection rules found.
No public exploits indexed.
2025-08-12
Published