Security vulnerabilities in docker image mcr.microsoft.com/azure-functions/python:4-python3.12-appservice

[andriiiakovenko]

The latest image mcr.microsoft.com/azure-functions/python:4-python3.12-appservice@sha256:42ea731295b260ffbf3eb0d39a8b219ad8334ffa70b06cbb68e31ddfe292c0c6 has security issues.

Microsoft Defender for Cloud detects the following security vulnerabilities in the image:
Severity | CVE | Fix status | Packages type | Vendor | Installed version | Package Name | Fixed version
Critical | CVE-2025-55315 | Fix Available | Language | microsoft.aspnetcore.app.runtime.linux-x64 | 8.0.20.0 | microsoft.aspnetcore.app.runtime.linux-x64 | 8.0.21
Critical | CVE-2025-55315 | Fix Available | Language | microsoft.aspnetcore.server.kestrel.core | 2.2.0.0 | microsoft.aspnetcore.server.kestrel.core | 2.3.6
Medium | CVE-2025-8869 | Fix Available | Language | pip | 25.2.0.0 | pip | N/A
Medium | CVE-2025-55248 | Fix Available | Language | microsoft.netcore.app.runtime.linux-x64 | 8.0.20.0 | microsoft.netcore.app.runtime.linux-x64 | 8.0.21

[wbaker23]

Adding to this discussion; the image mcr.microsoft.com/azure-functions/python:4-python3.10-appservice@sha256:b7fe3329508db6f4597b00c030d3f5e6c31880003e3797b009bf573afe8a3c4b
has critical CVE-2025-55315