CVE-2025-53793: Azure Stack Hub Information Disclosure Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2025-Aug

Released

2025-08-12

EPSS Score

0.17% (percentile: 38.0%)

Description

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.

FAQ

What type of information could be disclosed by this vulnerability? System internal configuration could be disclosed by this vulnerability. What should users do to protect themselves? Users can follow the instructions in the release notes to update the Azure Stack Hub environment to latest version 1.2501.1.47. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

Affected Products (3)

Azure

• Azure Stack Hub 2408
• Azure Stack Hub 2406
• Azure Stack Hub 2501

Security Updates (6)

• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes

Acknowledgments

<a href="https://twitter.com/hoangnx99">nxhoang99</a> with <a href="https://lab.viettelcybersecurity.com/">VCSLab of Viettel Cyber Security</a>

Revision History

• 2025-08-12: Information published.