CVE-2025-5791 is a vulnerability in Azure where the ‘root’ user is incorrectly appended to group listings, potentially exposing unintended group membership information. This could allow an attacker or unprivileged user to enumerate group memberships they should not be aware of, aiding reconnaissance. While the direct impact may appear limited, information disclosure in identity and access contexts can facilitate privilege escalation attempts.

Security Architect’s Take: Review your Azure environments for any reliance on group membership confidentiality as a security control, and monitor for unusual group enumeration activity. Apply any available patches or mitigations from Microsoft promptly, and audit who can query group listings within your tenants.

Original advisory: CVE-2025-5791 Users: root appended to group listings