CVE-2025-54914
Published: 04 September 2025
Summary
CVE-2025-54914 is a critical-severity Improper Access Control (CWE-284) vulnerability in Microsoft Azure Networking. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS percentile places it in the top 19.7% of CVEs by estimated exploit likelihood, and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-54914 is an elevation of privilege vulnerability affecting the Azure Networking component. It carries a maximum CVSS 3.1 base score of 10.0 with the vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating a remotely exploitable flaw that can produce complete loss of confidentiality, integrity, and availability with a scope change. The issue is also tagged under CWE-284.
An unauthenticated attacker with network access can exploit the vulnerability to obtain elevated privileges within the affected Azure Networking environment, enabling full control over impacted resources without requiring user interaction.
Microsoft publishes remediation guidance for this CVE through its Security Response Center advisory. The EPSS score has remained at 0.0132 (an estimated 1.3% probability of exploitation activity in the next 30 days) from disclosure through the present measurement, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-26870
Vulnerability details
Azure Networking Elevation of Privilege Vulnerability
- CWE(s): CWE-284 (Improper Access Control)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
Why these techniques?
A direct elevation-of-privilege flaw (CWE-284) reachable by an unauthenticated attacker over the network maps to T1068 Exploitation for Privilege Escalation: the adversary exploits the software defect itself to obtain rights it was never granted, with no prior credentials or user interaction required.
Affected Assets
- Microsoft Azure Networking
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for logical access to information and system resources, directly addressing the improper access control (CWE-284) that enables unauthenticated privilege escalation in Azure Networking.
- SI-2 (Flaw Remediation): Requires timely remediation of identified flaws such as this CVE through patching, closing the remote exploitation path in Azure Networking components.
- AC-6 (Least Privilege): Limits privileges to the minimum necessary, so that an attacker who does escalate through the access control defect gains a smaller set of rights and a narrower blast radius.
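AC-3 and AC-6 become concrete in Azure as role-based access control: who holds which role at which scope. The following added example (our code, not the advisory's and not Microsoft's) audits role assignments for principals that hold broad Microsoft.Network write rights at subscription or management-group scope, the kind of standing privilege that widens the blast radius of any networking-plane escalation. The role definitions, assignments, principal names and the list of "sensitive" actions are constructed sample data shaped like flattened `az role definition list` / `az role assignment list` output; the function names are our own.

```python
"""Least-privilege check for Azure RBAC assignments touching Microsoft.Network.

Added example, not from the original advisory or from Microsoft. The data
below is constructed, in the flattened shape of `az role definition list` and
`az role assignment list` output; the set of sensitive actions is an
assumption chosen for this demo.
"""
from fnmatch import fnmatchcase

# Constructed sample: roleDefinitionName -> permissions. Owner, Network
# Contributor and Reader mirror the built-in roles' action patterns; the
# custom role is invented for the example.
ROLE_DEFINITIONS = {
    "Owner": {"actions": ["*"], "notActions": []},
    "Network Contributor": {"actions": ["Microsoft.Network/*"], "notActions": []},
    "Reader": {"actions": ["*/read"], "notActions": []},
    "NSG Rule Operator (custom)": {
        "actions": [
            "Microsoft.Network/networkSecurityGroups/read",
            "Microsoft.Network/networkSecurityGroups/securityRules/write",
        ],
        "notActions": [],
    },
}

# Constructed sample assignments; principal names and the subscription ID are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSIGNMENTS = [
    {"principalName": "svc-deploy@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "netops-group", "roleDefinitionName": "Network Contributor", "scope": SUB},
    {"principalName": "auditor@example.com", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "firewall-bot", "roleDefinitionName": "NSG Rule Operator (custom)",
     "scope": SUB + "/resourceGroups/rg-edge"},
]

# Assumption: these control-plane write actions are the ones we treat as sensitive.
SENSITIVE_ACTIONS = [
    "Microsoft.Network/networkSecurityGroups/write",
    "Microsoft.Network/networkSecurityGroups/securityRules/write",
    "Microsoft.Network/virtualNetworks/write",
    "Microsoft.Network/routeTables/write",
    "Microsoft.Network/privateEndpoints/write",
]


def _matches(pattern, action):
    # Azure action strings are case-insensitive and '*' spans '/' segments,
    # which is exactly fnmatch's (non path-aware) wildcard behaviour.
    return fnmatchcase(action.lower(), pattern.lower())


def role_grants(role, action):
    """True if some 'actions' pattern covers `action` and no 'notActions' pattern excludes it."""
    allowed = any(_matches(p, action) for p in role["actions"])
    denied = any(_matches(p, action) for p in role.get("notActions", []))
    return allowed and not denied


def is_broad_scope(scope):
    """Subscription or management-group scope; resource-group and resource scopes are narrower."""
    if scope.lower().startswith("/providers/microsoft.management/managementgroups/"):
        return True
    parts = [p for p in scope.split("/") if p]
    return len(parts) <= 2  # ["subscriptions", "<id>"]


def find_overbroad(assignments, role_definitions, sensitive_actions):
    """Return assignments that grant any sensitive network action at a broad scope."""
    findings = []
    for a in assignments:
        role = role_definitions.get(a["roleDefinitionName"])
        if role is None or not is_broad_scope(a["scope"]):
            continue
        granted = [act for act in sensitive_actions if role_grants(role, act)]
        if granted:
            findings.append({"principal": a["principalName"], "role": a["roleDefinitionName"],
                             "scope": a["scope"], "grants": granted})
    return findings


if __name__ == "__main__":
    for f in find_overbroad(ASSIGNMENTS, ROLE_DEFINITIONS, SENSITIVE_ACTIONS):
        print(f"{f['principal']}: {f['role']} at {f['scope']} grants "
              f"{len(f['grants'])} sensitive network actions")
```

On the sample data only the Owner and Network Contributor assignments at subscription scope are flagged; the Reader is read-only and the custom role, although it can write NSG rules, is confined to one resource group. Against a real tenant, feed it the JSON from `az role assignment list --all -o json` and `az role definition list -o json` (reading `permissions[].actions` and `permissions[].notActions` from each definition), and treat every finding as a candidate for a narrower role or scope.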