CVE-2025-62550Incorrect Calculation of Buffer Size in Microsoft Azure Monitor

CWE-131Incorrect Calculation of Buffer SizeCWE-787Out-of-bounds Write5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 62.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Azure MonitorMicrosoft Azure Monitor Agent
Timeline
PublishedDec 9

Description

Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft/azure_monitor1.0.01.35.9

🔴Vulnerability Details

2
CVEList
Azure Monitor Agent Remote Code Execution Vulnerability2025-12-09
GHSA
GHSA-6jvc-gm78-f98r: Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network2025-12-09

📋Vendor Advisories

1
Microsoft
Azure Monitor Agent Remote Code Execution Vulnerability2025-12-09

🕵️Threat Intelligence

1
Wiz
CVE-2025-62550 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-62550 — Incorrect Calculation of Buffer Size | cvebase