Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.
Analysis
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.
Technical ContextAI
Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Code Injection (CWE-94).
RemediationAI
Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.
More in Azure Monitor Agent
View allAzure Monitor Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is low atta
Azure Monitor Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low atta
Azure Monitor Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low atta
Azure Monitor Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low atta
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. Rated high se
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20534