CVE-2025-59291

High

Published: 14 October 2025

Published

14 October 2025

Modified

17 October 2025

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0014 32.8th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59291 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Microsoft Azure Compute Gallery. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 32.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the specific path traversal flaw in Confidential Azure Container Instances by requiring timely application of vendor-provided patches and updates.

SI-10 Information Input Validation good match

prevent

Validates file names and paths to prevent external control exploitation that enables local privilege escalation.

AC-6 Least Privilege partial match

prevent

Enforces least privilege to restrict the initial high-privilege account's capabilities, limiting potential escalation impact from path manipulation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability enables local privilege escalation through exploitation of improper file name/path handling (CWE-73), directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

CVE-2025-59291 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting Confidential Azure Container Instances, a component of Microsoft Azure. Published on 2025-10-14, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The issue enables an authorized attacker to gain elevated privileges locally through improper handling of file names or paths.

Exploitation requires local access (AV:L) and high privileges (PR:H), such as an authorized account on the system, with low attack complexity (AC:L) and no user interaction (UI:N). A successful attack results in high impacts across confidentiality, integrity, and availability (C:I:A:H), accompanied by a scope change (S:C) that allows the attacker to elevate privileges beyond their initial authorization.

Microsoft's Security Response Center provides an update guide with vulnerability details and mitigation recommendations at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59291.

Details

CWE(s): CWE-73

Affected Products

microsoft

azure compute gallery

all versions

CVEs Like This One

CVE-2025-59292Same product: Microsoft Azure Compute Gallery

CVE-2026-24287Same vendor: Microsoft

CVE-2026-20931Same vendor: Microsoft

CVE-2025-60710Same vendor: Microsoft

CVE-2026-32090Same vendor: Microsoft

CVE-2026-27916Same vendor: Microsoft

CVE-2025-54914Same vendor: Microsoft

CVE-2025-21358Same vendor: Microsoft

CVE-2026-21244Same vendor: Microsoft

CVE-2026-24293Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59291
Vendor Advisory · secure@microsoft.com