CVE-2025-59292
Published: 14 October 2025
Summary
CVE-2025-59292 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Microsoft Azure Compute Gallery. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 32.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly validates file name and path inputs to block external control exploitation that enables local privilege escalation.
Enforces least privilege to limit the impact and success of privilege escalation via manipulated file paths in container instances.
Mandates enforcement of access controls on file system resources to restrict unauthorized access despite path traversal attempts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables local privilege escalation through exploitation of a path/file name manipulation flaw (CWE-73), directly mapping to T1068: Exploitation for Privilege Escalation.
NVD Description
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
Deeper analysis
CVE-2025-59292 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting Confidential Azure Container Instances. Published on 2025-10-14T17:16:12.517, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The issue enables an authorized attacker to elevate privileges locally by manipulating file names or paths.
Exploitation requires local access and high privileges (PR:H), with low attack complexity and no user interaction needed. A successful attack changes scope (S:C) and results in high impacts to confidentiality, integrity, and availability, allowing the attacker to escalate privileges within the affected environment.
Microsoft's update guide provides details on mitigation and patching for CVE-2025-59292, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59292.
Details
- CWE(s)