Please clarify which commit fixes CVE-2025-24049 #31036
Assignees
Labels
Azure CLI Team
The command of the issue is owned by Azure CLI team
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
Security-Issue
Milestone
Comments
glaubitz
added
the
needs-triage
|
Thank you for opening this issue, we will look into it. |
|
This issue is related to security. Please pay attention. Powered by issue-sentinel |
microsoft-github-policy-service
bot
added
the
customer-reported
yonzhan
added
the
Azure CLI Team
|
@glaubitz Please check #30703 for resolving of CVE-2025-24049 |
Oh wow, I would have never guessed from the commit message that this particular change fixes a CVE. It should definitely be documented to help distributions address this CVE. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Type of issue
Missing information
Reference command name
N/A
Feedback
Microsoft's security tracker reports that there was the CVE-2025-24049 [1] in Azure CLI up to excluding 2.69.0 but there is not a single clue what particular commit fixes this CVE.
Without knowing the exact commit, it is not possible for Linux distributions to address a particular CVE.
Please note that especially enterprise distributions can't always simply upgrade to the latest upstream version as such a process is more involved and complicated since it involves a lot of QA testing.
Can you therefore please disclose what particular commit fixed CVE-2025-24049?
Thanks!
Page URL
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24049
Content source URL
No response
Author
No response
Document Id
No response
The text was updated successfully, but these errors were encountered: