You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 38117
About this tag
CVE-2025-38117 is a security vulnerability affecting the Azure Linux family due to an open-source Bluetooth library. Microsoft has confirmed that Azure Linux includes this library and is potentially affected, making it a high-priority target for patching. However, the vulnerability may also exist in other Microsoft products, which should be verified through artifact inspection or official Microsoft VEX/CSAF attestations. Discussions on WindowsForum emphasize the need for careful risk assessment and patch prioritization, particularly for carriers and enterprise environments relying on Azure Linux. Users are advised to treat Azure Linux as a confirmed carrier and to verify other Microsoft artifacts independently until updated attestations are available.
The Microsoft Security Response Center’s short FAQ line — “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate for the Azure Linux family, but it is not a categorical guarantee that no other Microsoft product can contain the same vulnerable Linux...