You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 55321
About this tag
CVE-2025-55321 is a high-severity cross-site scripting (XSS) vulnerability in Azure Monitor Log Analytics, classified as CWE-79. It allows a privileged user to inject and render attacker-controlled content in the Azure Monitor web UI, enabling spoofing of telemetry dashboards, alerts, and management screens. The issue is network-triggered at the presentation layer with a CVSS v3.1 base score of 8.7 (High). Microsoft's advisory is the primary source for details. Discussions on WindowsForum cover the vulnerability's impact, mitigation steps, and implications for Azure security monitoring.
Microsoft has published a high‑severity advisory for CVE‑2025‑55321: a cross‑site scripting (CWE‑79) flaw in Azure Monitor Log Analytics that can be abused by a privileged user to inject and render attacker‑controlled content in the Azure Monitor web UI, enabling spoofing of telemetry...