Microsoft fixes critical CVSS 9.9 vulnerability in Azure AI Face Service.

Feb 04, 2025 | The Hacker News | Vulnerability / Cloud Security

Microsoft has patched two Critical-rated security flaws affecting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.

The flaws are listed below.

  • CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability

  • CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service Elevation of Privilege Vulnerability

In an advisory for CVE-2025-21415, Microsoft credited an anonymous researcher with reporting the flaw, citing “spoofing” in Azure AI Face Service that allows an authorized attacker to elevate privileges over a network.

CVE-2025-21396, on the other hand, stems from missing authorization that could allow an unauthorized attacker to gain access to a network. A security researcher who goes by Sugobet was credited with finding it.

The tech giant also noted that it’s aware of the existence of proof-of-concept (PoC) exploit code for CVE-2025-21415, adding that both vulnerabilities have been fully mitigated. No user action is required to address the flaws.

Microsoft continues to work to improve transparency by issuing CVEs for critical cloud service vulnerabilities, regardless of whether customers need to install a patch or take other security measures.

“We must be open about considerable security flaws that are discovered and fixed as our industry matures and more and more people move to cloud-based services,” it said in a note from June 2024.

“We let Microsoft and our partners learn and grow by openly sharing knowledge about vulnerabilities that have been discovered and fixed. This cooperative effort improves our crucial infrastructure’s resilience and security.”
