Azure DevOps Elevation of Privilege Vulnerability

May 8, 2025 invoker category_news

Security Update News

Update Information

Title Azure DevOps Elevation of Privilege Vulnerability
Update ID MS:CVE-2025-29813
Type mscve
Published 2025-05-08T07:00:00
Last Updated 2025-05-08T07:00:00

Security Impact

CVSS Score 0.0
Severity NONE
Attack Vector

Affected CVEs

  • CVE-2025-29813

Update Details

An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.

To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one.

The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.