Cyber Resilience

CVE-2025-59292

High

Published: 14 October 2025

Published
14 October 2025
Modified
17 October 2025
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0017 38.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59292 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Microsoft Azure Compute Gallery. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 38.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-59292 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting Confidential Azure Container Instances. Published on 2025-10-14T17:16:12.517, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The issue enables an authorized attacker to elevate privileges locally by manipulating file names or paths.

Exploitation requires local access and high privileges (PR:H), with low attack complexity and no user interaction needed. A successful attack changes scope (S:C) and results in high impacts to confidentiality, integrity, and availability, allowing the attacker to escalate privileges within the affected environment.

Microsoft's update guide provides details on mitigation and patching for CVE-2025-59292, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59292.

EU & UK References

Vulnerability details

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability enables local privilege escalation through exploitation of a path/file name manipulation flaw (CWE-73), directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59291Same product: Microsoft Azure Compute Gallery
CVE-2026-41088Same vendor: Microsoft
CVE-2026-20931Same vendor: Microsoft
CVE-2026-24287Same vendor: Microsoft
CVE-2026-21231Same vendor: Microsoft
CVE-2026-32091Same vendor: Microsoft
CVE-2026-25174Same vendor: Microsoft
CVE-2026-42823Same vendor: Microsoft
CVE-2025-59247Same vendor: Microsoft
CVE-2025-49687Same vendor: Microsoft

Affected Assets

microsoft
azure compute gallery
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates file name and path inputs to block external control exploitation that enables local privilege escalation.

prevent

Enforces least privilege to limit the impact and success of privilege escalation via manipulated file paths in container instances.

prevent

Mandates enforcement of access controls on file system resources to restrict unauthorized access despite path traversal attempts.

References