Microsoft Azure Automation
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Azure Automation.
Recent Microsoft Azure Automation Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-29827 | CVE-2025-29827 Azure Automation Elevation of Privilege Vulnerability | May 9, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Azure Automation. Last year, in 2025 Azure Automation had 1 security vulnerability published. Right now, Azure Automation is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 9.90 |
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.10 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 4.90 |
It may take a day or so for new Azure Automation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Azure Automation Security Vulnerabilities
May 2025: Azure Automation Elevation of Privilege Vulnerability
CVE-2025-29827
9.9 - Critical
- May 08, 2025
Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
AuthZ
OMI Elevation of Privilege Vulnerability
CVE-2024-21330
7.8 - High
- March 12, 2024
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Memory Corruption
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential? on an Azure AD Application or Service Principal (
CVE-2021-42306
8.1 - High
- November 24, 2021
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential? on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application. Azure AD?addressed this vulnerability by preventing disclosure of any private key?values added?to the application. Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information. For more details on this issue, please refer to the MSRC Blog Entry.
Insufficiently Protected Credentials
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role
CVE-2019-0962
4.9 - Medium
- July 15, 2019
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Azure Automation or by Microsoft? Click the Watch button to subscribe.
