Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.The flaws are listed below -CVE-2025-21396 (CVSS score: 7.5)-Microsoft Account Elevation of Privilege Vulnerability. CVE-2025-21415 (CVSS score: 9.9)-Azure AI Face Service Elevation of Privilege Vulnerability. Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network, Microsoft in an advisory for CVE-2025-21415, crediting an anonymous researcher for reporting the flaw.

‍