SB2025040887 - Multiple vulnerabilities in Microsoft Azure Local Cluster
Published: April 8, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Insufficiently protected credentials (CVE-ID: CVE-2025-26628)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to insufficiently protected credentials in Azure Local Cluster. A local user can gain access to sensitive information on the system.
2) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-25002)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software stores sensitive information in log files in Azure Local Cluster. An administrator on the local network can read the log files and gain access to sensitive data.
Remediation
Install the update from the vendor's website.