What the vulnerability does
01Description
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-65041
CRITICAL
CVE-2025-65041: Microsoft Partner Center Elevation of Privilege Vulnerability
CVSS base score
10.0/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C
Key dates
02Disclosure timeline
December 18, 2025
CVE published
April 16, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API
CVE-2024-47165 CORS origin validation accepts the null origin in Gradio
CVE-2023-21505
CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
CVE-2026-1894 WeKan REST API checklistItems.js Checklist REST Bleed improper authorization
