Cyber Resilience

CVE-2025-59291

High

Published: 14 October 2025

Published
14 October 2025
Modified
17 October 2025
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0017 38.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59291 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Microsoft Azure Compute Gallery. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 38.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-59291 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting Confidential Azure Container Instances, a component of Microsoft Azure. Published on 2025-10-14, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The issue enables an authorized attacker to gain elevated privileges locally through improper handling of file names or paths.

Exploitation requires local access (AV:L) and high privileges (PR:H), such as an authorized account on the system, with low attack complexity (AC:L) and no user interaction (UI:N). A successful attack results in high impacts across confidentiality, integrity, and availability (C:I:A:H), accompanied by a scope change (S:C) that allows the attacker to elevate privileges beyond their initial authorization.

Microsoft's Security Response Center provides an update guide with vulnerability details and mitigation recommendations at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59291.

EU & UK References

Vulnerability details

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability enables local privilege escalation through exploitation of improper file name/path handling (CWE-73), directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59292Same product: Microsoft Azure Compute Gallery
CVE-2026-41088Same vendor: Microsoft
CVE-2026-20931Same vendor: Microsoft
CVE-2026-24287Same vendor: Microsoft
CVE-2026-21231Same vendor: Microsoft
CVE-2026-32091Same vendor: Microsoft
CVE-2026-25174Same vendor: Microsoft
CVE-2026-42823Same vendor: Microsoft
CVE-2025-59247Same vendor: Microsoft
CVE-2025-49687Same vendor: Microsoft

Affected Assets

microsoft
azure compute gallery
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the specific path traversal flaw in Confidential Azure Container Instances by requiring timely application of vendor-provided patches and updates.

prevent

Validates file names and paths to prevent external control exploitation that enables local privilege escalation.

prevent

Enforces least privilege to restrict the initial high-privilege account's capabilities, limiting potential escalation impact from path manipulation.

References