Microsoft has released patches to address two security deficiencies that affect the Azure AI Face and Microsoft account that can allow malicious actors to escalate their privileges under certain conditions.
Disadvantages are below –
- Cve-2025-21396 (CVSS assessment: 7.5) – Exaltation of Microsoft account vulnerability
- Cve-2025-21415 (CVSS assessment: 9.9) – Azure AI Personal Exaltation Vulinity
“Bypass authentication by fake Azure AI Face Service allows the authorized attackers to raise privileges over the network,” Microsoft in CV-2025-21415, counted an anonymous researcher for the shortage of the deficiency.
The CVE-2025-21396, on the other hand, stems from the disappeared resolution that may allow an unauthorized attacker to raise privileges on the net. The safety researcher, which is pseudonym by Sougabet, was recognized for his opening.
The technical giant also noted that he knows about the availability of the operation (POC) for the CVE-2025-21415, adding that both vulnerabilities were fully softened. Disadvantages do not require customer action.
Consultations are part of Microsoft’s constant effort to improve transparency by issuing Cves for critical cloud service, regardless of whether customers need to set a patch or take other actions to ensure themselves.
“As our industry is growing and more and more migrating on cloud services, we must be transparent about significant cybersecurity vulnerabilities that are and corrected,” this is ” noted Back in June 2024.
“Openly exchanging information about the vulnerabilities that are expressed and resolved, we allow Microsoft and our partners to learn and improve. These joint efforts contribute to the safety and sustainability of our important infrastructure.”
