CVE-2023-38155 HIGH

CVE-2023-38155: Azure DevOps Server Remote Code Execution Vulnerability

Vendor Microsoft
Product Azure DevOps Server 2019.0.1
Weakness CWE-502 · Unsafe deserialization
Published September 12, 2023
Last update October 30, 2025
View on NVD All CVEs

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

Azure DevOps Server Remote Code Execution Vulnerability

Key dates

02Disclosure timeline

September 12, 2023 CVE published
October 30, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-5114 easysoft zentaopms Editor index.php edit deserialization CVE-2025-13805 nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization CVE-2025-32144 WordPress Job Board Manager Plugin <= 2.1.61 - PHP Object Injection vulnerability CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability CVE-2025-5680 Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script SysScriptController.java executeScript deserialization