A critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enables attackers to escalate privileges to administrative levels with a single network request.
The vulnerability, designated CVE-2025-49752, affects all Azure Bastion deployments and received an emergency security patch on November 20, 2025.
https://gbhackers.com/critical-azure-ba ... erability/