Skip to main content

Azure Stack Hub CVE-2025-53793

HIGH
Path Traversal (CWE-22)
2025-08-12 secure@microsoft.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:06 vuln.today
CVE Published
Aug 12, 2025 - 18:15 nvd
HIGH 7.5

DescriptionCVE.org

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Affected products include: Microsoft Azure Stack Hub.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2021-38647 CRITICAL POC
9.8 Sep 15

Open Management Infrastructure Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2021-38648 HIGH POC
7.8 Sep 15

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2024-38108 CRITICAL
9.3 Aug 13

Azure Stack Hub Spoofing Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable,

CVE-2024-38220 CRITICAL
9.0 Sep 10

Azure Stack Hub Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely

CVE-2024-38216 CRITICAL
9.0 Sep 10

Azure Stack Hub Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely

CVE-2022-29149 HIGH
7.8 Jun 15

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerab

CVE-2021-38645 HIGH
7.8 Sep 15

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2024-38201 HIGH
7.0 Aug 13

Azure Stack Hub Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentic

CVE-2021-38649 HIGH
7.0 Sep 15

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

CVE-2024-20679 MEDIUM
6.5 Feb 13

Azure Stack Hub Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no

Share

CVE-2025-53793 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy