CVE-2025-59292
Published: 14 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-59292 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting Confidential Azure Container Instances. Published on 2025-10-14T17:16:12.517, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The issue enables an authorized attacker to elevate privileges locally by manipulating file names or paths.
Exploitation requires local access and high privileges (PR:H), with low attack complexity and no user interaction needed. A successful attack changes scope (S:C) and results in high impacts to confidentiality, integrity, and availability, allowing the attacker to escalate privileges within the affected environment.
Microsoft's update guide for CVE-2025-59292, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59292, provides details on mitigation and patching.
Details
- CWE(s): CWE-73 (External Control of File Name or Path)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables local privilege escalation through exploitation of a path/file name manipulation flaw (CWE-73), directly mapping to T1068: Exploitation for Privilege Escalation.