CVE-2025-59247

High

Published: 09 October 2025

Published

09 October 2025

Modified

20 October 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0018 39.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59247 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Azure Playfab. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 39.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

Enforces least privilege to directly mitigate improper privilege management (CWE-269) that enables low-privilege users to escalate access in this Azure PlayFab vulnerability.

AC-3 Access Enforcement good match

prevent

Requires enforcement of approved authorizations, preventing unauthorized privilege elevation exploited by authenticated low-privilege attackers.

SC-23 Session Authenticity good match

prevent

Protects session authenticity to address reliance on cookies without validation and integrity checking (CWE-565), blocking manipulation leading to privilege escalation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability is explicitly an Elevation of Privilege issue (CWE-269) exploitable by low-privileged authenticated users to gain high-impact access remotely, directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Azure PlayFab Elevation of Privilege Vulnerability

Deeper analysisAI

CVE-2025-59247 is an Elevation of Privilege vulnerability affecting Azure PlayFab, a Microsoft cloud service for game development. Assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it stems from improper privilege management (CWE-269) and reliance on cookies without validation and integrity checking (CWE-565). The vulnerability was publicly disclosed on October 9, 2025.

An authenticated attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to elevate privileges, potentially gaining high-impact access to confidentiality, integrity, and availability of affected systems or data within the Azure PlayFab environment.

Microsoft's Security Response Center has published an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59247, which provides details on patches, mitigations, and workarounds for addressing the vulnerability. Security practitioners should consult this advisory for implementation guidance.

Details

CWE(s): CWE-269 CWE-565

Affected Products

microsoft

azure playfab

all versions

CVEs Like This One

CVE-2025-49758Same vendor: Microsoft

CVE-2025-21360Same vendor: Microsoft

CVE-2026-21533Same vendor: Microsoft

CVE-2025-21287Same vendor: Microsoft

CVE-2025-54914Same vendor: Microsoft

CVE-2026-24293Same vendor: Microsoft

CVE-2025-21359Same vendor: Microsoft

CVE-2025-21367Same vendor: Microsoft

CVE-2025-49739Same vendor: Microsoft

CVE-2026-32164Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59247
Vendor Advisory · secure@microsoft.com