Home » Database

AVID-2026-R0040

Description

Microsoft Account Elevation of Privilege Vulnerability (CVE-2025-21396)

Details

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

References

Affected or Relevant Artifacts

  • Developer: Microsoft
  • Deployer: Microsoft
  • Artifact Details:
TypeName
SystemMicrosoft Account

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Base Score8.2
Base Severity🔴 High

CWE

IDDescription
CWE-862CWE-862: Missing Authorization

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2025-01-29
  • Version: 0.3.1
  • AVID Entry