CVE-2025-59247
Published: 09 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-59247 is an Elevation of Privilege vulnerability affecting Azure PlayFab, a Microsoft cloud service for game development. Assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it stems from improper privilege management (CWE-269) and reliance on cookies without validation and integrity checking (CWE-565). The vulnerability was publicly disclosed on October 9, 2025.
An authenticated attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to elevate privileges, potentially gaining high-impact access to confidentiality, integrity, and availability of affected systems or data within the Azure PlayFab environment.
Microsoft's Security Response Center has published an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59247, which provides details on patches, mitigations, and workarounds for addressing the vulnerability. Security practitioners should consult this advisory for implementation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is explicitly an Elevation of Privilege issue (CWE-269) exploitable by low-privileged authenticated users to gain high-impact access remotely, directly mapping to T1068: Exploitation for Privilege Escalation.