You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-49692
About this tag
CVE-2025-49692 is a vulnerability in the Azure Connected Machine Agent (Azure Arc) that allows an authorized local attacker to elevate privileges on an affected host. The issue stems from improper access control in the agent, which runs on Windows and Linux machines to enable management and extensions. Microsoft has released an advisory and patch for this elevation of privilege vulnerability. On WindowsForum.com, discussions cover the technical details, impact, and steps to patch and defend against CVE-2025-49692, including guidance for IT administrators managing hybrid environments.
CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Overview
What happened: Microsoft has posted an advisory for CVE‑2025‑49692 describing an improper access control vulnerability in the Azure Connected Machine (Windows Virtual Machine) Agent that can allow an...