cve 2025 40103

CVE-2025-40103 is a vulnerability that affects the Azure Linux product family, including CBL-Mariner and Azure Linux lineage. Microsoft's MSRC advisory confirms that Azure Linux includes the vulnerable open-source library and is potentially affected. However, this is a product-scoped attestation and does not guarantee that other Microsoft products are unaffected. The vulnerability is documented through machine-readable CSAF/VEX attestations, which Microsoft has begun publishing for Azure Linux. Discussions on WindowsForum.com clarify the scope and limits of this CVE, emphasizing that the attestation applies specifically to Azure Linux and not necessarily to other Microsoft offerings.