CVE-2025-59273
published 2025-10-23

CVE-2025-59273: Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.

Priority P260 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% (26.5th percentile)

Affected

2 ranges

Vendor | Product | Version range | Fixed in
microsoft | azure_event_grid_system | |
msrc | azure_event_grid_system | |

Detection & IOCs (extracted from sources)

  • This vulnerability has been fully mitigated server-side by Microsoft. No customer action, patching, or configuration change is required. There are no published technical details, PoC, or exploitation indicators available for detection engineering.
  • The vulnerability has NOT been publicly disclosed or exploited in the wild, meaning no IOCs or attack telemetry are available.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc | | 7.3 | HIGH |