CVE-2025-58724

Severity

7.8HIGH

EPSS

0.1%

top 82.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 14

Description

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

GHSA

GHSA-h3w8-46xj-f555: Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally↗2025-10-14

▶

CVEList

Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability↗2025-10-14

▶

Microsoft

Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability↗2025-10-14

▶