CVE-2025-58724
published 2025-10-14CVE-2025-58724: Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | arc_enabled_servers_azure_connected_machine_agent | >= 1.0.0 < 1.57 | 1.57 |
| microsoft | azure_connected_machine_agent | < 1.57 | 1.57 |
| msrc | arc_enabled_servers_azure_connected_machine_agent | — | — |