
A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels.
The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for secure administrative access to their cloud infrastructure.
Attackers Can Escalate Privileges Without User Interaction
The vulnerability undermines Azure Bastion's security model by enabling attackers to gain administrative access through a single network request, potentially compromising all virtual machines accessible through the Bastion host.
According to Zeropath, the vulnerability stems from improper handling of authentication tokens within the Bastion service.
Attackers can intercept and replay valid authentication credentials to bypass security controls and assume administrative privileges.
| Field | Details |
|---|---|
| CVE ID | CVE-2025-49752 |
| Vulnerability Type | Authentication Bypass (CWE-294) |
| CVSS Score | 10.0 (Critical) |
| Affected Product | Microsoft Azure Bastion (all versions prior to Nov 20, 2025) |
| Attack Vector | Network |
| Impact | Remote Privilege Escalation to Administrative Level |
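
The capture-replay class (CWE-294) named in the table, shown from the defender's side as an added illustration. It is not Azure Bastion code and does not reproduce the service's internals, which the page does not describe. The token format, the key and the names `issue`, `verify_signature_only` and `ReplayAwareVerifier` are assumptions made for this example.

```python
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key"  # constructed value, for this example only

def issue(user, client_id, nonce, ttl=60, now=None):
    """Mint a signed token bound to one client and carrying a one-time nonce."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "cid": client_id, "jti": nonce,
                       "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig

def _claims(token):
    """Return the claims if the signature verifies, else None."""
    try:
        body_hex, sig = token.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(sig.encode(), good.encode())
    return json.loads(body) if ok else None

def verify_signature_only(token):
    """Weak check: a captured token is accepted again, from any client."""
    return _claims(token) is not None

class ReplayAwareVerifier:
    """Signature plus expiry, client binding and a single-use nonce."""
    def __init__(self):
        self.seen = {}  # jti -> expiry time of the token that carried it

    def verify(self, token, client_id, now=None):
        now = time.time() if now is None else now
        claims = _claims(token)
        if claims is None or claims["exp"] <= now:
            return False
        if not hmac.compare_digest(claims["cid"].encode(), client_id.encode()):
            return False
        # Forget nonces of expired tokens, then enforce one use per nonce.
        self.seen = {j: e for j, e in self.seen.items() if e > now}
        if claims["jti"] in self.seen:
            return False
        self.seen[claims["jti"]] = claims["exp"]
        return True
```

The signature-only check accepts the same token every time it is presented, while the second verifier rejects a second presentation, a presentation from a different client, and an expired token.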
With a CVSS score of 10.0, this vulnerability represents the highest severity classification, indicating it is remotely exploitable, requires no user interaction, and demands no prior authentication.
The critical aspect of CVE-2025-49752 is its network-based exploitability. No physical access, special privileges, or user involvement is necessary for successful exploitation.
An attacker anywhere on the network can compromise the entire Bastion infrastructure and the virtual machines connected to it.
All Azure Bastion deployments before the security update released on November 20, 2025, are vulnerable.
Microsoft has not released specific version numbers, suggesting that the vulnerability affects all configurations using the service.
Zeropath says organizations should quickly check their Azure Bastion setups and make sure all security patches are installed.
This vulnerability adds to a growing list of critical authentication and privilege escalation flaws discovered in Azure services throughout 2025, including CVE-2025-54914 and CVE-2025-29827.
Despite Microsoft’s Secure Future Initiative, aimed at improving security development practices, recurring authentication issues continue to affect Azure infrastructure.
Security teams should prioritize patching this vulnerability immediately and conduct a comprehensive audit of administrative access logs to detect any unauthorized activity.
Organizations should also review network segmentation and access controls surrounding their Azure Bastion deployments.
