CVE-2025-21199: Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability

6.7 CVSS

Description

Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.

Classification

CVE ID: CVE-2025-21199

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.7

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem Types

CWE-269: Improper Privilege Management

Affected Products

Vendor: Microsoft

Product: Azure Agent for Site Recovery, Azure Agent for Backup

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 9.62% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-09 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21199
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21199

Timeline