CVE-2025-59291
Published: 14 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-59291 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting Confidential Azure Container Instances, a component of Microsoft Azure. Published on 2025-10-14, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The issue enables an authorized attacker to gain elevated privileges locally through improper handling of file names or paths.
Exploitation requires local access (AV:L) and high privileges (PR:H), such as an authorized account on the system, with low attack complexity (AC:L) and no user interaction (UI:N). A successful attack results in high impacts across confidentiality, integrity, and availability (C:I:A:H), accompanied by a scope change (S:C) that allows the attacker to elevate privileges beyond their initial authorization.
Microsoft's Security Response Center provides an update guide with vulnerability details and mitigation recommendations at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59291.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables local privilege escalation through exploitation of improper file name/path handling (CWE-73), directly mapping to T1068: Exploitation for Privilege Escalation.