{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62550", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-10-15T17:11:21.219Z", "datePublished": "2025-12-09T17:55:54.642Z", "dateUpdated": "2026-04-16T14:18:49.736Z"}, "containers": {"cna": {"title": "Azure Monitor Agent Remote Code Execution Vulnerability", "datePublic": "2025-12-09T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.35.9"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Monitor", "versions": [{"version": "1.0.0", "lessThan": "1.35.9", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-787: Out-of-bounds Write", "lang": "en-US", "type": "CWE", "cweId": "CWE-787"}, {"description": "CWE-131: Incorrect Calculation of Buffer Size", "lang": "en-US", "type": "CWE", "cweId": "CWE-131"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:18:49.736Z"}, "references": [{"name": "Azure Monitor Agent Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62550"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62550", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T04:56:51.121309Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:21:12.816Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62550", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T04:56:51.121309Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-09T20:14:21.916Z"}}], "cna": {"title": "Azure Monitor Agent Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Monitor", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.35.9", "versionType": "custom"}]}], "datePublic": "2025-12-09T08:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62550", "name": "Azure Monitor Agent Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-131", "description": "CWE-131: Incorrect Calculation of Buffer Size"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.35.9", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:18:49.736Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62550", "state": "PUBLISHED", "dateUpdated": "2026-04-16T14:18:49.736Z", "dateReserved": "2025-10-15T17:11:21.219Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-12-09T17:55:54.642Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_monitor_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B8A1C65-34F4-429E-8DBF-FA336DA2D90E", "versionEndExcluding": "1.35.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network."}], "id": "CVE-2025-62550", "lastModified": "2025-12-10T19:23:31.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2025-12-09T18:16:00.117", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62550"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}, {"lang": "en", "value": "CWE-787"}], "source": "secure@microsoft.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T15:46:25.187821+00:00", "value": {"mitigation_remediation": ["Apply the latest patch for the Azure Monitor Agent as published by Microsoft; review the update guide linked in the advisory for the exact version that contains the fix.", "If a patch cannot be applied immediately, limit network reachability to the Azure Monitor Agent by placing it behind a firewall or network segmentation so only trusted, authenticated hosts can communicate with it.", "Enforce the principle of least privilege for users who are allowed to run commands through the Agent, and disable or revoke any unnecessary remote execution capabilities that might be abused by an attacker."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Microsoft Azure Monitor Agents are affected. Specific product versions are not listed in the advisory, so all deployments of the Azure Monitor Agent should be investigated for the existence of this flaw until a patch is confirmed to be applied.", "description_and_impact": "The vulnerability is an out\u2011of\u2011bounds write in the Azure Monitor Agent that permits an authorized attacker to execute arbitrary code on the host over a network. This flaw is classified as a high\u2011impact type of buffer overflow (CWE\u2011131 and CWE\u2011787), which can compromise confidentiality, integrity, and availability by allowing remote code execution on affected systems.", "risk_and_exploitability": "With a CVSS score of 8.8 the vulnerability is considered high severity. The EPSS score is below 1%, indicating a low probability of exploitation at the time of this analysis, and the issue is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is a network attack that requires the attacker to be authenticated or authorized to interact with the Agent; remediation relies on patching or tightening network access to the Agent."}}}}, "created": "2026-04-20T16:00:10.652135+00:00", "updated": "2026-04-20T16:00:10.652144+00:00", "vendors": []}