Main Vulnerability Database Vulnerabilities #VU107228

Inclusion of Sensitive Information in Log Files in Azure Local Cluster - CVE-2025-25002

Published: April 8, 2025

Vulnerability identifier: #VU107228

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-25002

CWE-ID: CWE-532

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Azure Local Cluster

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files in Azure Local Cluster. An administrator on the local network can read the log files and gain access to sensitive data.

How to mitigate CVE-2025-25002

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25002

Inclusion of Sensitive Information in Log Files in Azure Local Cluster - CVE-2025-25002

Detailed vulnerability description

How to mitigate CVE-2025-25002

Sources

Please verify you're human