A critical authentication bypass vulnerability (CVE-2025-49752, CVSS 10.0) has been disclosed in Microsoft Azure Bastion. The flaw allows unauthenticated attackers to intercept and replay valid tokens, gaining unauthorized administrative access to all virtual machines (VMs) connected through the Bastion host without user interaction.
Business Impact
This is a catastrophic cloud infrastructure risk. Azure Bastion is designed to be the secure gateway for RDP/SSH access. Compromising it gives attackers a “skeleton key” to the entire cloud backend, allowing them to control VMs, steal data, and deploy ransomware across the environment.
Why It Happened
The vulnerability is a “capture-replay” flaw in the authentication mechanism: an attacker who captures a valid session token can reuse it, and the service accepts it again instead of rejecting it as already spent. This is the third critical privilege escalation flaw in Azure services discovered in 2025.
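To make the capture-replay class concrete, here is an added illustration that is not Azure Bastion's code and says nothing about its real token format: a verifier that only checks the signature accepts a captured token indefinitely, whereas one that also enforces an expiry and a one-time token id (jti) rejects the second use. The key, claim names and helper functions are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = b"constructed-demo-key"  # constructed; a real service keeps this in a secret store


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()


def issue_token(subject, ttl_seconds=60, now=None):
    """Issue a signed token carrying a one-time id (jti) and an expiry (exp)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "jti": secrets.token_hex(8), "exp": now + ttl_seconds}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{payload}.{_sign(payload.encode())}"


def _decode(token):
    """Return the claims if the signature is valid, else None."""
    payload, sig = token.rsplit(".", 1)
    if not hmac.compare_digest(sig, _sign(payload.encode())):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def verify_replayable(token):
    """Weak verifier: a valid signature is enough, so a captured token stays usable forever."""
    return _decode(token) is not None


class ReplaySafeVerifier:
    """Rejects expired tokens and any jti that has already been accepted once."""

    def __init__(self):
        # Constructed in-memory cache; a real service would evict entries once exp passes.
        self._seen = set()

    def verify(self, token, now=None):
        claims = _decode(token)
        if claims is None:
            return False  # bad signature
        now = time.time() if now is None else now
        if now > claims["exp"]:
            return False  # expired
        if claims["jti"] in self._seen:
            return False  # replay of an already-spent token
        self._seen.add(claims["jti"])
        return True
```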
Recommended Executive Action
Treat this as an immediate emergency. Direct cloud security teams to verify that Microsoft’s automatic updates have been applied to all Azure Bastion instances. Rotate all SSH keys and RDP credentials for VMs accessed via Bastion as a precaution.
Hashtags: #Azure #CloudSecurity #Vulnerability #Microsoft #Bastion #CVE #PatchNow #InfoSec #CyberSecurity
