Microsoft Patched Critical Azure Bastion Elevation of Privilege Vulnerability 

Summary: A critical vulnerability in Azure Bastion, CVE-2025-49752, could allow remote privilege escalation, directly impacting the security of cloud infrastructure for organizations worldwide.

OEM: Microsoft
Severity: Critical
CVSS Score: 10.0
CVEs: CVE-2025-49752
POC Available: No
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0

Overview 

The vulnerability in Azure Bastion allows attackers to escalate privileges remotely and gain administrative access with a single network request, resulting in full compromise of virtual machines connected through the Bastion host.

Azure Bastion is a managed service that provides secure RDP and SSH access to virtual machines without exposing them to the public internet. While no active exploitation has been confirmed, administrators are urged to apply the latest Microsoft security patch to their systems.

Vulnerability Name: Azure Bastion Elevation of Privilege Vulnerability
CVE ID: CVE-2025-49752
Product Affected: Microsoft Azure Bastion
Severity: Critical
Fixed Version: Security Update Released Nov 20, 2025

Technical Summary 

The vulnerability in Azure Bastion’s login process allows attackers to reuse stolen authentication tokens to get in without valid login credentials. In this way they can bypass normal security checks, gain admin-level access and perform administrator activities.

The attack can be carried out remotely over the network without needing any user interaction. After a successful login, the attacker can fully control virtual machines connected through the Bastion service, which creates a complete takeover risk for cloud systems using Azure Bastion. According to ZeroPath, the vulnerability stems from improper handling of authentication tokens within the Bastion service.

CVE ID: CVE-2025-49752
System Affected: All Azure Bastion deployments prior to Nov 20, 2025
Vulnerability Details: Authentication bypass via token replay enabling remote escalation to admin privileges
Impact: Full administrative VM access, configuration modification, unauthorized remote entry, cloud workload compromise, lateral movement.

Attackers can escalate privileges without user interaction. For quick remediation, follow the steps below:

  • Immediate Action: Apply the Microsoft Azure security patch released on Nov 20, 2025.

Additional recommendations:

  • Review logs to spot suspicious or abnormal authentication attempts. 
  • Rotate privileged credentials for all accounts tied to Bastion access. 
  • Enable alerts to notify on unexpected elevation of administrative access. 
  • Provide security awareness training to help identify and prevent the latest cyber threats.
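
One way to act on the log-review recommendation above, given here as an added example that is not part of the advisory or of Microsoft's tooling: it flags a user whose Bastion sessions switch client IP within a short window, a pattern consistent with a token being reused from another host. The log field names, the 30-minute window and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample records. Field names are assumptions modelled on
# Bastion audit-log properties; they are not taken from the advisory.
SAMPLE_LOG = """\
{"time": "2025-11-18T09:00:05Z", "userName": "alice@example.com", "clientIpAddress": "203.0.113.10", "targetVMIPAddress": "10.0.1.4"}
{"time": "2025-11-18T09:12:40Z", "userName": "alice@example.com", "clientIpAddress": "198.51.100.77", "targetVMIPAddress": "10.0.1.9"}
{"time": "2025-11-18T09:30:00Z", "userName": "bob@example.com", "clientIpAddress": "203.0.113.25", "targetVMIPAddress": "10.0.2.5"}
{"time": "2025-11-18T15:45:00Z", "userName": "bob@example.com", "clientIpAddress": "203.0.113.26", "targetVMIPAddress": "10.0.2.5"}
"""

def parse_records(text):
    """Parse JSON-lines audit records and return them in time order."""
    records = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
            records.append(rec)
    return sorted(records, key=lambda r: r["ts"])

def find_ip_switches(records, window=timedelta(minutes=30)):
    """Flag a session when the same user last connected from a different
    client IP less than `window` earlier (assumed heuristic for token reuse)."""
    last_seen = {}  # user -> most recent record for that user
    findings = []
    for rec in records:
        user, ip = rec["userName"], rec["clientIpAddress"]
        prev = last_seen.get(user)
        if prev and prev["clientIpAddress"] != ip and rec["ts"] - prev["ts"] <= window:
            findings.append({
                "user": user,
                "previous_ip": prev["clientIpAddress"],
                "new_ip": ip,
                "target": rec["targetVMIPAddress"],
                "time": rec["time"],
            })
        last_seen[user] = rec
    return findings

if __name__ == "__main__":
    for f in find_ip_switches(parse_records(SAMPLE_LOG)):
        print(f"{f['time']} {f['user']}: {f['previous_ip']} -> {f['new_ip']} (target {f['target']})")
```

A hit is a lead for review rather than proof of compromise, since VPN changes and mobile networks also produce IP switches.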

Conclusion: 
This critical authentication bypass vulnerability exposes Azure Bastion deployments to severe risk, enabling remote administrative takeover without authentication or user interaction.

Organizations relying on Azure Bastion for secure cloud access must prioritize patching, log auditing, credential review and network control enforcement. Organizations should quickly check their Azure Bastion setups and make sure all security patches are installed.

Microsoft maintains a monthly patch cycle and has launched the Secure Future Initiative to improve security development. Despite these efforts, recurring authentication and privilege escalation issues have been observed across Azure services.
