Azure Stack
by Microsoft
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37968 | Cri | 0.65 | 10.0 | 0.03 | Oct 11, 2022 | Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster.… | ||
| CVE-2024-38108 | Cri | 0.61 | 9.3 | 0.01 | Aug 13, 2024 | Azure Stack Hub Spoofing Vulnerability | ||
| CVE-2024-38220 | Cri | 0.59 | 9.0 | 0.01 | Sep 10, 2024 | Azure Stack Hub Elevation of Privilege Vulnerability | ||
| CVE-2024-49060 | Hig | 0.57 | 8.8 | 0.00 | Nov 15, 2024 | Azure Stack HCI Elevation of Privilege Vulnerability | ||
| CVE-2024-38179 | Hig | 0.57 | 8.8 | 0.00 | Oct 8, 2024 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | ||
| CVE-2024-38216 | Hig | 0.53 | 8.2 | 0.01 | Sep 10, 2024 | Azure Stack Hub Elevation of Privilege Vulnerability | ||
| CVE-2019-1234 | Hig | 0.53 | 7.5 | 0.58 | Nov 12, 2019 | A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | ||
| CVE-2025-27489 | Hig | 0.51 | 7.8 | 0.01 | Apr 8, 2025 | Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally. | ||
| CVE-2022-29149 | Hig | 0.51 | 7.8 | 0.01 | Jun 15, 2022 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | ||
| CVE-2024-38201 | Hig | 0.46 | 7.0 | 0.01 | Aug 13, 2024 | Azure Stack Hub Elevation of Privilege Vulnerability | ||
| CVE-2024-20679 | Med | 0.42 | 6.5 | 0.01 | Feb 13, 2024 | Azure Stack Hub Spoofing Vulnerability | ||
| CVE-2023-21703 | Med | 0.42 | 6.5 | 0.01 | Feb 14, 2023 | Azure Data Box Gateway Remote Code Execution Vulnerability | ||
| CVE-2025-53793 | 0.00 | — | 0.01 | Aug 12, 2025 | Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-53765 | 0.00 | — | 0.00 | Aug 12, 2025 | Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. |
- risk 0.65cvss 10.0epss 0.03
Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster.…
- risk 0.61cvss 9.3epss 0.01
Azure Stack Hub Spoofing Vulnerability
- risk 0.59cvss 9.0epss 0.01
Azure Stack Hub Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.00
Azure Stack HCI Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.00
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
- risk 0.53cvss 8.2epss 0.01
Azure Stack Hub Elevation of Privilege Vulnerability
- risk 0.53cvss 7.5epss 0.58
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
Azure Stack Hub Elevation of Privilege Vulnerability
- risk 0.42cvss 6.5epss 0.01
Azure Stack Hub Spoofing Vulnerability
- risk 0.42cvss 6.5epss 0.01
Azure Data Box Gateway Remote Code Execution Vulnerability
- CVE-2025-53793Aug 12, 2025risk 0.00cvss —epss 0.01
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53765Aug 12, 2025risk 0.00cvss —epss 0.00
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.