Platform: windows
Component: azure-agent-for-backup
Fixed in: 2.0.9940.0, 9.30
CVE-2025-21199 describes an improper privilege management vulnerability within the Azure Agent Installer for Azure Agent for Backup. This flaw allows an authenticated attacker to escalate their privileges locally on the affected system. The vulnerability impacts versions 1.0.0 through 9.30 of the agent, and a fix is available in version 9.30.
Successful exploitation of CVE-2025-21199 could allow an attacker who already has some level of access to the system to gain significantly higher privileges. This could enable them to install malware, modify system configurations, access sensitive data, or even take complete control of the affected machine. The impact is particularly concerning in environments where the Azure Agent for Backup is used to manage critical data backups, as an attacker could potentially compromise the integrity of those backups. While the vulnerability requires authentication, the potential for privilege escalation makes it a serious security risk.
CVE-2025-21199 was publicly disclosed on 2025-03-11. The vulnerability's impact hinges on the attacker already possessing some level of access to the system. As of the current date, no public proof-of-concept exploits are known, and there are no reports of active exploitation campaigns. The EPSS score is pending evaluation, but the potential for local privilege escalation warrants careful attention.
Organizations heavily reliant on Azure Agent for Backup for data protection are at increased risk. Environments with weak privilege controls or shared accounts used for agent management are particularly vulnerable. Legacy deployments using older versions of the agent are also at higher risk.
• windows / supply-chain:
# Show the process ID of a running AzureAgentInstaller process, if any
Get-Process -Name "AzureAgentInstaller" | Select-Object -ExpandProperty ProcessId
• windows / supply-chain:
# Event ID 5140 is written to the Security log by Microsoft-Windows-Security-Auditing
Get-WinEvent -LogName Security -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=5140)]]" -MaxEvents 10
• windows / supply-chain: Check Autoruns for unusual entries related to the Azure Agent for Backup installation path.
EPSS: 0.19% (41st percentile)
The primary mitigation for CVE-2025-21199 is to upgrade the Azure Agent for Backup to version 9.30 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls and privilege separation on the affected systems to limit the potential impact of a successful attack. Review existing security policies to ensure they adequately restrict user privileges and monitor system activity for any suspicious behavior indicative of privilege escalation attempts. After upgrading, confirm the fix by verifying that the installer no longer allows privilege escalation through the affected mechanism.
Upgrade Azure Agent for Backup to version 2.0.9940.0 or later to fix the privilege escalation vulnerability. Download the latest version from the Azure portal or the Microsoft website. Restart the system after the update to ensure the changes are applied correctly.
CVE-2025-21199 is a vulnerability in Azure Agent for Backup allowing an authenticated attacker to elevate privileges locally, rated MEDIUM severity (CVSS 6.7).
You are affected if you are using Azure Agent for Backup versions 1.0.0 through 9.30.
Upgrade to version 9.30 or later to remediate the vulnerability. Back up your configuration before upgrading.
As of March 11, 2025, there are no known active exploitation campaigns or public proof-of-concept exploits.
Refer to the official Microsoft security advisory for CVE-2025-21199 on the Microsoft Security Response Center website.