Primary

Context

Microsoft Azure Stack Improper Authentication Vulnerability Allowing Information Disclosure

Vulnerability

Patched

A vulnerability exists in Azure Stack due to improper authentication, which allows unauthorized attackers to disclose information over a network. This issue affects several versions of Azure Stack Hub, specifically the 2501, 2406, and 2408 release branches. The vulnerability could lead to the unintentional exposure of system internal configurations.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure, specifically internal system configurations.

Remediation

Users can update their Azure Stack Hub environment to the latest version 1.2501.1.47. Security update packages for versions 1.2406.1.23 and 1.2408.1.50 are also available. Instructions for applying these updates can be found in the release notes for each version.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Azure Stack Improper Authentication Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Microsoft Azure Stack Hub

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating