CVE-2025-62550: Azure Monitor Agent Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Dec

Released

2025-12-09

EPSS Score

0.17% (percentile: 37.8%)

Description

Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. How could an attacker exploit this vulnerability? An attacker with local network access to an Azure Linux Virtual Machine running Azure Monitor could exploit a heap overflow to escalate privileges to the syslog user, enabling execution of arbitrary commands.

Affected Products (1)

Azure

• Azure Monitor Agent

Security Updates (1)

• Release Notes

Acknowledgments

P1hcn

Revision History

• 2025-12-09: Information published.