Primary

Context

Microsoft Azure Monitor Agent Out-of-Bounds Write Vulnerability Allowing Remote Code Execution

Vulnerability

Patched

A remote code execution vulnerability has been identified in Azure Monitor Agent. This issue arises from an out-of-bounds write, which allows an authorized attacker to execute code over a network. The vulnerability affects Azure Monitor Agent running on Azure Linux Virtual Machines.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code on the affected system, potentially allowing an attacker to escalate privileges and execute arbitrary commands.

Remediation

Users can download the security update for Azure Monitor Agent through the Microsoft Update Catalog. For more information on managing the Azure Monitor Agent, refer to the Azure Monitor Agent Management documentation.

Added: Dec 9, 2025, 10:41 PM

Updated: Dec 9, 2025, 10:41 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

3.3

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

3.3

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Azure Monitor Agent Out-of-Bounds Write Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Azure Monitor Agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating