Microsoft Azure Container Instances Elevation of Privilege Vulnerability

Vulnerability

A vulnerability allowing external control of file names or paths in Confidential Azure Container Instances has been identified. This issue enables an authorized attacker to locally elevate privileges by manipulating file shares to execute harmful code within the confidential ACI sidecar container, thereby escalating control from the host to the confidential containers.

Impact

Successful exploitation allows an attacker to execute code in the targeted guest environment of a confidential ACI sidecar container, with elevated privileges.

Remediation

To address this vulnerability, users should update to Helm chart version 1.3012.25080101 or later and regenerate their Confidential Compute Environment (CCE) policy with a minimum infrastructure fragment SVN of 4. Instructions for updating the Azure CLI confcom extension and regenerating the CCE policy are available in the Microsoft Security Update Guide.
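A defender-side check for the second remediation step, added here as an example (not code from the advisory or from Microsoft): it reads the `fragments` block of a generated CCE policy and reports whether the infrastructure fragment is pinned at SVN 4 or higher. The `feed`/`minimum_svn` field names, the feed string and the base64 encoding used in ARM templates are assumptions about confcom-generated policies; the sample policy is constructed.

```python
import base64
import binascii
import re

# Minimum infrastructure fragment SVN required by the advisory's remediation.
REQUIRED_INFRA_SVN = 4

# Constructed sample of a `fragments` block from a CCE policy (Rego). Field
# names and the feed value are assumptions about confcom output, not from the page.
SAMPLE_POLICY = '''
fragments := [
  {
    "feed": "mcr.microsoft.com/aci/aci-cc-infra-fragment",
    "includes": ["containers", "fragments"],
    "issuer": "did:x509:0:sha256:ISSUER_PLACEHOLDER::eku:1.3.6.1.4.1.311.76.59.1.3",
    "minimum_svn": "1"
  }
]
'''
# Same policy as it would appear base64-encoded in a template's ccePolicy field (assumed).
SAMPLE_POLICY_B64 = base64.b64encode(SAMPLE_POLICY.encode()).decode()

# One fragment object: capture its feed and the string-typed minimum_svn.
FRAGMENT_RE = re.compile(
    r'"feed"\s*:\s*"([^"]+)"[^}]*?"minimum_svn"\s*:\s*"(\d+)"', re.DOTALL)


def decode_policy(value: str) -> str:
    """Accept either raw Rego text or its base64 form and return the Rego text."""
    try:
        return base64.b64decode(value, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return value


def fragment_svns(policy_text: str) -> dict:
    """Map every fragment feed in the policy to its pinned minimum SVN."""
    return {feed: int(svn) for feed, svn in FRAGMENT_RE.findall(policy_text)}


def infra_fragment_svns(policy_text: str) -> dict:
    """Only the infrastructure fragment entries (feed name is an assumption)."""
    return {f: s for f, s in fragment_svns(policy_text).items() if "infra-fragment" in f}


def policy_is_remediated(policy: str, required: int = REQUIRED_INFRA_SVN) -> bool:
    """True only if an infrastructure fragment exists and every one meets the minimum SVN.
    A policy with no infrastructure fragment is reported as not remediated."""
    infra = infra_fragment_svns(decode_policy(policy))
    return bool(infra) and all(svn >= required for svn in infra.values())
```

Run it against the policy exported from your own deployment template rather than the constructed sample; a missing or low `minimum_svn` means the policy must be regenerated.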

Added: Oct 14, 2025, 5:57 PM
Updated: Oct 14, 2025, 8:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 2.8
remediation: 8.3
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.