cve 2025 39990

CVE-2025-39990 is a vulnerability affecting a Linux kernel component. Microsoft has publicly attested that Azure Linux includes the vulnerable open-source library and is therefore potentially affected. This product-scoped attestation applies specifically to the Azure Linux product family and does not automatically confirm or deny the presence of the vulnerability in other Microsoft products. Security teams should verify whether any Microsoft artifact that ships or runs a Linux kernel build contains the vulnerable code, as independent verification is necessary beyond Microsoft's initial attestation. The discussion on WindowsForum highlights the importance of checking each product individually rather than assuming all Microsoft offerings are affected or unaffected.