Security update for azure-cli-core SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1182-1 Final 1 1 2025-04-09T10:12:44Z current 2025-04-09T10:12:44Z 2025-04-09T10:12:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for azure-cli-core This update for azure-cli-core fixes the following issues: - CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally (bsc#1239460) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1182,SUSE-SLE-Module-Public-Cloud-15-SP3-2025-1182 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251182-1/ Link for SUSE-SU-2025:1182-1 https://lists.suse.com/pipermail/sle-updates/2025-April/038948.html E-Mail link for SUSE-SU-2025:1182-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1239460 SUSE Bug 1239460 https://www.suse.com/security/cve/CVE-2025-24049/ SUSE CVE CVE-2025-24049 page SUSE Linux Enterprise Module for Public Cloud 15 SP3 azure-cli-core-2.36.0-150200.9.6.1 azure-cli-core-2.36.0-150200.9.6.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP3 Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. CVE-2025-24049 SUSE Linux Enterprise Module for Public Cloud 15 SP3:azure-cli-core-2.36.0-150200.9.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251182-1/ https://www.suse.com/security/cve/CVE-2025-24049.html CVE-2025-24049 https://bugzilla.suse.com/1239460 SUSE Bug 1239460