CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Overview
- What happened: Microsoft has posted an advisory for CVE‑2025‑49692 describing an improper access control vulnerability in the Azure Connected Machine (Windows Virtual Machine) Agent that can allow an authorized/local attacker to elevate privileges on an affected host.
- Why it matters: the Azure Connected Machine (aka “Azure Arc” / connected‑machine) agent runs on Windows and Linux machines to enable management, extensions and identity features. Because the agent installs services, local interfaces and a local metadata endpoint, a privilege‑escalation (EoP) bug in that software can let a low‑privileged local user, or an attacker who has gained limited local access, escalate to higher privileges (potentially SYSTEM/root) and perform persistent or cloud‑facing actions from the compromised host. Microsoft’s advisory classifies this as an elevation‑of‑privilege issue and identifies the agent as the affected component. (msrc.microsoft.com, thomasmaurer.ch, msrc.microsoft.com, msrc.microsoft.com, tenable.com, learn.microsoft.com, tenable.com, thomasmaurer.ch, msrc.microsoft.com, learn.microsoft.com, Security Update Guide - Microsoft Security Response Center
