Microsoft Azure Bastion Vulnerability Exposed: Authentication Bypass Risk

A critical vulnerability has been discovered in Azure Bastion, Microsoft's managed service for secure RDP and SSH connections to virtual machines without exposing them to the internet. The flaw, tracked as CVE-2025-49752, allows remote attackers to gain administrative privileges on all VMs reachable through Bastion, which amounts to a privilege-escalation risk.

The vulnerability is remotely exploitable, requires no pre-existing privileges, and carries a high CVSS score of 10.0. However, no source-code details or proof-of-concept have been published so far, and there are no reports of active exploitation in real-world environments.

Microsoft has addressed other critical vulnerabilities in Azure services, including privilege escalation threats. Despite these efforts, new authentication and privilege escalation vulnerabilities continue to emerge in various Azure services.

Azure Bastion acts as a secure bridge between users and virtual machines, eliminating the need for public ports on VMs and reducing the risk of intrusion. It is widely used by organizations in scenarios that require secure administrative access to VMs, such as software development, test environments, cloud server management, and remote IT support.

Source: https://www.redhotcyber.com/en/post/critical-vulnerability-in-azure-bastion-scores-10-when-rdp-and-ssh-in-the-cloud-are-checkmated