CVE-2025-21396 — Vulnetix

CVE-2025-21396 PUBLISHED CVSS 8.199999809265137 HIGH

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

EPSS 2.05% · 84.1th percentile

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C

EPSS Score

2.05%

84.1th percentile

Affected Products

Vendor	Product	Versions
microsoft	micrososft_account	*
microsoft	account
Microsoft	Microsoft Account	*

Timeline

Jan 14, 2025 CVE Published
Jan 29, 2025 PoC Published
Jan 29, 2025 PoC Published
Jan 30, 2025 EPSS Score
Jan 30, 2025 PoC Published
Jan 30, 2025 PoC Published
Jan 30, 2025 PoC Published
Feb 4, 2025 PoC Published
Feb 4, 2025 PoC Published
Feb 4, 2025 PoC Published
Feb 4, 2025 PoC Published
Feb 4, 2025 PoC Published

References

Microsoft Account Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-21396 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›