CVE-2025-29819 MEDIUM

CVE-2025-29819: Windows Admin Center in Azure Portal Information Disclosure Vulnerability

Vendor Microsoft
Product Windows Admin Center
Weakness CWE-73
Published April 8, 2025
Last update February 13, 2026

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.

Key dates

02Disclosure timeline

April 8, 2025 CVE published
February 13, 2026 Record updated