A Critical Vulnerability Rating 10/10 Has Been Confirmed By Microsoft

A critical vulnerability score of 10/10 is very rare, and Microsoft appears to have landed in exactly that situation.

Recently, Microsoft confirmed that its core cloud services were impacted by several critical vulnerabilities, one rated at 10 and the others at 9.9 and 9.1. As a user, what do you do in this situation? Nothing. Microsoft has also confirmed that all of its users are protected from the vulnerabilities and that their information is secure.

So, what are these vulnerabilities, and how severe is each one? Four were detected, and each is listed below with the score it was given.

CVE-2025-29813: Azure DevOps Elevation of Privilege Vulnerability 

Visual Studio has a significant elevation of privilege vulnerability triggered by improper handling of pipeline job tokens. It could allow an attacker with access to a project to swap a short-term token for a long-term one, thereby gaining extended access. With a CVSS score of 10.0, the vulnerability is exploitable over the network without requiring privileges or user interaction, and it poses a high risk to confidentiality, integrity, and availability.

CVE-2025-29972: Azure Storage Resource Provider Spoofing Vulnerability

This is a critical spoofing vulnerability involving Server-Side Request Forgery (SSRF) in Azure. It allows an authorized attacker with low privileges to send unauthorized requests over a network, potentially spoofing internal services. With a CVSS score of 9.9, the vulnerability is easy to exploit, requires no user interaction, and can significantly impact confidentiality, integrity, and availability.

CVE-2025-29827: Azure Automation Elevation of Privilege Vulnerability

A critical elevation of privilege vulnerability in Azure Automation was caused by improper authorization controls. It enables an attacker with low-level access to escalate their privileges over the network. With a CVSS score of 9.9, this vulnerability poses a high risk to confidentiality and integrity, with moderate impact on availability. It requires no user interaction and is low in complexity to exploit.

CVE-2025-47733: Microsoft Power Apps Information Disclosure Vulnerability

This vulnerability has a critical score of 9.1 and allows an attacker to disclose information over the network. It is a high-severity information disclosure vulnerability in Microsoft Power Apps, stemming from a Server-Side Request Forgery (SSRF) issue.

Though this was a security concern for many individuals and businesses working with Microsoft cloud services, it showed how swiftly Microsoft moved to safeguard its customers. As a cybersecurity expert, Secucenter offers a second layer of cyber protection for every organization. We understand the importance of protecting important data from threat actors who are as advanced as the tools that are being invented. Thus, to ensure long-term operations, an organization can always utilize an additional layer of cybersecurity.

Sreekanth

Sreekanth is a Technical and Professional Services Manager with 12 years of experience in managing IT infrastructures across on-premises, hybrid, and cloud environments. Sreekanth is also deeply passionate about cybersecurity, bringing a forward-thinking approach to building secure and resilient systems.