CVE Vulnerabilities

CVE-2025-47158

Authentication Bypass by Assumed-Immutable Data

Published: Jul 18, 2025 | Modified: Aug 14, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

Weakness

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Affected Software

Name Vendor Start Version End Version
Azure_devops Microsoft - (including) - (including)

Potential Mitigations

References