Alarming 10/10 Microsoft Cloud Security Flaw Uncovered!

2025-05-11

Author: Ling

Major Cloud Security Alert: A 10/10 Crisis!

**Breaking Update (May 11, 2025)**: This article has been updated with new details about Microsoft and Google’s commitment to enhancing transparency regarding cloud security vulnerabilities.

It’s a rare occurrence when a security vulnerability reaches the highest possible criticality score of 10 out of 10, but Microsoft has confirmed an alarming new flaw that does just that!

While there’s no evidence that this vulnerability has been exploited in the wild or disclosed publicly, it’s a wake-up call for users and businesses relying on Microsoft’s cloud services.

The Critical Vulnerabilities: What You Need to Know

Microsoft has identified four significant vulnerabilities affecting its cloud infrastructure. One of these boasts a critical 10/10 rating, while two others aren’t far behind, rated at 9.9 each! The last one weighs in at a critical 9.1.

1. CVE-2025-29813: Critical 10.0 — Azure DevOps Vulnerability

This severe security issue allows attackers to hijack Azure DevOps pipeline tokens due to improper handling of job tokens by Visual Studio. To exploit this, an attacker must first gain access to the project and swap a short-term token for a long-term one.

2. CVE-2025-29972: Critical 9.9 — Azure Storage Spoofing Vulnerability

This vulnerability could let authorized attackers perform server-side request forgery, potentially enabling them to send malicious requests that impersonate legitimate services. Major risks are at play!

3. CVE-2025-29827: Critical 9.9 — Azure Automation Threat

Another pressing vulnerability, this one in Azure Automation, allows attackers to elevate their privileges through improper authorization. This could lead to devastating consequences.

4. CVE-2025-47733: Critical 9.1 — Microsoft Power Apps Leak

While not an Azure issue, this vulnerability allows information disclosure across the network through another server-side request forgery flaw affecting Power Apps.

The Silver Lining: No User Action Required!

Here’s the bright side amidst these grave security revelations: Microsoft has already mitigated these vulnerabilities, and users don’t need to take any action! Microsoft confirmed, “Users of this service have no patches or updates to install.”

This proactive approach is part of Microsoft’s broader initiative to enhance transparency regarding vulnerabilities, ensuring users remain informed about potential risks even when no immediate action is required.

Microsoft and Google: A NEW Era of Transparency

Microsoft is setting a new standard for vulnerability disclosure, stating that sharing details about resolved security issues is vital—even when no patch is needed. This shift aligns with their Secure Future Initiative, aimed at improving defenses against emerging threats.

In a similar vein, Google has joined this movement, announcing plans to disclose critical vulnerabilities in Google Cloud services—showing a united front against cyber threats. Phil Venables, Google Cloud's Chief Information Security Officer, emphasized the essential nature of shared transparency in combatting malicious actors.

With both tech giants committed to this new transparency, users can feel a sense of security as they continue relying on cloud services for their business and personal needs. Stay informed and stay safe!