What the vulnerability does
01Description
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
CVE-2025-53729
HIGH
CVE-2025-53729: Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVSS base score
7.8/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Key dates
02Disclosure timeline
August 12, 2025
CVE published
February 26, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-5542 Moodle: students can view other users in "only see own membership" groups
CVE-2023-50928 sandbox-accounts-for-events security misconfiguration leads to budget exceed
CVE-2021-44467 spx_restservice KillDupUsr_func Broken Access Control
CVE-2023-36890 Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2026-27591 Winter: Privilege escalation by authenticated backend users
