Platform: dotnet
Component: azure-stack-hub
Fixed in: 1.2406.1.23, 1.2408.1.50, 1.2501.1.47
CVE-2025-53793 describes an Information Disclosure vulnerability within Microsoft Azure Stack Hub. This flaw allows an unauthorized attacker to expose sensitive information across a network connection. The vulnerability impacts versions 1.0.0 through 1.2501.1.47, and a fix is available in version 1.2501.1.47.
Successful exploitation of CVE-2025-53793 could lead to the exposure of confidential data stored or processed within the Azure Stack Hub environment. An attacker who gains unauthorized access could potentially retrieve sensitive information such as user credentials, configuration details, or even application data. The scope of the data exposed would depend on the attacker's access level and the specific information accessible within the compromised system. While the description doesn't specify a direct path to lateral movement, the disclosure of credentials could facilitate such actions within the Azure Stack Hub infrastructure or connected networks. The blast radius extends to any systems or services that rely on the confidentiality of data handled by Azure Stack Hub.
CVE-2025-53793 was published on 2025-08-12. There is no indication of active exploitation or a KEV listing at the time of writing. Public proof-of-concept code is currently unavailable. The vulnerability's impact hinges on the attacker's ability to bypass authentication mechanisms within Azure Stack Hub.
Exploit Status
EPSS: 0.15% (35th percentile)
The primary mitigation for CVE-2025-53793 is to upgrade Azure Stack Hub to version 1.2501.1.47 or later. Prior to upgrading, it's crucial to review Microsoft's official documentation for compatibility and potential breaking changes. Consider performing a test upgrade in a non-production environment first to validate the upgrade process and application functionality. While no specific WAF or proxy rules are mentioned, implementing network segmentation and strict access controls can help limit the potential impact of a successful attack. Regularly review Azure Stack Hub's security configuration and ensure adherence to security best practices.
Update Azure Stack Hub to the latest available version. This will resolve the information disclosure vulnerability caused by improper authentication. Refer to the Azure Stack Hub portal for instructions on how to apply updates.
CVE-2025-53793 is a HIGH severity vulnerability allowing unauthorized network information disclosure in Azure Stack Hub versions 1.0.0–1.2501.1.47. An attacker can potentially expose sensitive data.
If you are running Azure Stack Hub versions 1.0.0 through 1.2501.1.47, you are potentially affected by this Information Disclosure vulnerability.
Upgrade Azure Stack Hub to version 1.2501.1.47 or later to remediate the vulnerability. Review Microsoft's official documentation before upgrading.
There is currently no public information indicating active exploitation of CVE-2025-53793.
Refer to the official Microsoft Security Update Guide for details on CVE-2025-53793 and related security advisories.