CVE-2024-35255: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
5.5
Basic Information
Technical Details
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| azure-identity | pip | < 1.16.1 | 1.16.1 |
| @azure/identity | npm | < 4.2.1 | 4.2.1 |
| com.azure:azure-identity | maven | < 1.12.2 | 1.12.2 |
| github.com/Azure/azure-sdk-for-go/sdk/azidentity | go | < 1.6.0 | 1.6.0 |
| Azure.Identity | nuget | < 1.11.4 | 1.11.4 |
| @azure/msal-node | npm | >= 2.7.0, < 2.9.2 | 2.9.2 |
| com.microsoft.azure:msal4j | maven | >= 1.14.4-beta, < 1.15.1 | 1.15.1 |
| Microsoft.Identity.Client | nuget | >= 4.49.1, < 4.60.4 | 4.60.4 |
| Microsoft.Identity.Client | nuget | >= 4.61.0, < 4.61.3 | 4.61.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability exists in multiple Azure SDKs across different languages (Go, JS, Python, Java, .NET), within their Azure Arc Managed Identity authentication components. When these components communicate with the Hybrid Instance Metadata Service (HIMDS), they receive a 'WWW-Authenticate' header that contains a file path to a secret key. Before the patches, the SDKs used this file path to read the key without sufficient validation. An attacker who could control the HIMDS response (e.g., in a compromised environment, or through DNS spoofing if applicable to the HIMDS communication) could supply an arbitrary file path, causing the SDK to attempt to read that file from the local system where the application using the SDK is running. The patches introduce strict validation of this file path: it must reside within an expected, OS-specific directory ('/var/opt/azcmagent/tokens' on Linux, '%ProgramData%\AzureConnectedMachineAgent\Tokens' on Windows), have a '.key' extension, and not exceed 4096 bytes in size. The identified vulnerable functions are those directly responsible for parsing this header, constructing the file path, and reading the file, or the higher-level functions that orchestrate this process; these were modified to include the new validation logic. The core issue is the trust placed in the file path provided by HIMDS without adequate sanitization or restriction, leading to a potential arbitrary file read.
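The following is an added illustration, not code from any of the Azure SDKs or MSAL libraries listed above. It contrasts the pre-patch behaviour (reading whatever path the HIMDS challenge names) with a hardened reader that applies the three checks the analysis describes: the canonical path must lie inside the expected token directory, end in '.key', and be at most 4096 bytes. The `Basic realm=<path>` challenge format, all function names, and the constructed directory layout in `demo()` are assumptions made for this example.

```python
import os
import re
import shutil
import tempfile

MAX_KEY_BYTES = 4096  # size ceiling named in the advisory text

# Expected OS-specific token directories from the advisory text.
EXPECTED_KEY_DIRS = {
    "posix": "/var/opt/azcmagent/tokens",
    "nt": os.path.join(os.environ.get("ProgramData", r"C:\ProgramData"),
                       "AzureConnectedMachineAgent", "Tokens"),
}

# Assumed challenge shape: 'Basic realm=<path-to-key-file>'.
_CHALLENGE_RE = re.compile(r"Basic realm=(?P<path>\S+)")


def parse_challenge(www_authenticate: str) -> str:
    """Extract the key file path from the WWW-Authenticate challenge."""
    m = _CHALLENGE_RE.match(www_authenticate.strip())
    if not m:
        raise ValueError("unexpected WWW-Authenticate challenge format")
    return m.group("path")


def validate_key_path(path: str, expected_dir: str) -> str:
    """Return the canonical path if it passes every check, else raise ValueError."""
    # Canonicalise both sides so '..' segments and symlinks cannot escape the directory.
    real_path = os.path.realpath(path)
    real_dir = os.path.realpath(expected_dir)
    if os.path.commonpath([real_path, real_dir]) != real_dir:
        raise ValueError(f"key file {path!r} is outside {expected_dir!r}")
    if not real_path.endswith(".key"):
        raise ValueError(f"key file {path!r} does not have a .key extension")
    if not os.path.isfile(real_path):
        raise ValueError(f"key file {path!r} is not a regular file")
    if os.path.getsize(real_path) > MAX_KEY_BYTES:
        raise ValueError(f"key file {path!r} exceeds {MAX_KEY_BYTES} bytes")
    return real_path


def read_key_unchecked(www_authenticate: str) -> bytes:
    """Pre-patch behaviour, shown for contrast: trust the path as received."""
    with open(parse_challenge(www_authenticate), "rb") as f:
        return f.read()


def read_key_checked(www_authenticate: str, expected_dir: str) -> bytes:
    """Patched behaviour: validate the path before touching the filesystem."""
    path = validate_key_path(parse_challenge(www_authenticate), expected_dir)
    with open(path, "rb") as f:
        return f.read(MAX_KEY_BYTES)


def demo() -> dict:
    """Exercise both readers on a constructed directory layout (assumed, not real HIMDS)."""
    root = tempfile.mkdtemp()
    try:
        tokens = os.path.join(root, "tokens")  # stands in for the expected directory
        os.makedirs(tokens)
        good = os.path.join(tokens, "agent.key")
        with open(good, "wb") as f:
            f.write(b"constructed-secret")
        outside = os.path.join(root, "unrelated-file")  # a file HIMDS should never name
        with open(outside, "wb") as f:
            f.write(b"constructed-sensitive-contents")
        wrong_ext = os.path.join(tokens, "agent.txt")
        with open(wrong_ext, "wb") as f:
            f.write(b"x")
        big = os.path.join(tokens, "big.key")
        with open(big, "wb") as f:
            f.write(b"A" * (MAX_KEY_BYTES + 1))

        results = {
            "good": read_key_checked(f"Basic realm={good}", tokens),
            # The unchecked reader happily returns a file outside the token directory.
            "unchecked_reads_outside": read_key_unchecked(f"Basic realm={outside}"),
            "checked_rejects": {},
        }
        cases = {
            "outside": outside,
            "traversal": os.path.join(tokens, "..", "unrelated-file"),
            "extension": wrong_ext,
            "size": big,
        }
        for name, candidate in cases.items():
            try:
                read_key_checked(f"Basic realm={candidate}", tokens)
                results["checked_rejects"][name] = False
            except ValueError:
                results["checked_rejects"][name] = True
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

`validate_key_path` canonicalises with `os.path.realpath` before the containment check; comparing the raw string against a directory prefix would still let `..` segments or a symlink planted inside the token directory point outside it. In a real deployment `expected_dir` would be taken from `EXPECTED_KEY_DIRS[os.name]` rather than the temporary directory `demo()` builds.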