cve-2025-49692

About this tag
CVE-2025-49692 is a vulnerability in the Azure Connected Machine Agent (Azure Arc) that allows an authorized local attacker to elevate privileges on an affected host. The issue stems from improper access control in the agent, which runs on Windows and Linux machines to enable management and extensions. Microsoft has released an advisory and patch for this elevation of privilege vulnerability. On WindowsForum.com, discussions cover the technical details, impact, and steps to patch and defend against CVE-2025-49692, including guidance for IT administrators managing hybrid environments.
  1. CVE-2025-49692: Azure Arc Connected Machine Agent Elevation of Privilege - Patch & Defend

    CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability. Overview. What happened: Microsoft has posted an advisory for CVE‑2025‑49692 describing an improper access control vulnerability in the Azure Connected Machine (Windows Virtual Machine) Agent that can allow an...