CVE-2025-59285: Azure Monitor Agent Elevation of Privilege Vulnerability

CVE-2025-59278: Windows Authentication Elevation of Privilege Vulnerability

CVE-2025-59261: Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2025-59260: Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability

CVE-2025-2884: Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

**According to the CVSS metric, the attack vector is local (AV:L) and the privilege required is none (PR:L). What privileges could an attacker gain with successful exploitation?**

A local user could take advantage of this vulnerability and perform elevation of privilege (EOP). By successfully exploiting this vulnerability, the attacker could elevate their privileges to obtain root level access on the virtual machine.

Headline

CVE-2025-59285: Azure Monitor Agent Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News