
CVE-2025-30387 – Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-30387
13 May 2025 — Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30387 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-29973 – Microsoft Azure File Sync Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29973
13 May 2025 — Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29973 • CWE-284: Improper Access Control

CVE-2025-29813 – Azure DevOps Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29813
08 May 2025 — An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens. [Spoofable identity claims] Authentication Bypass by Assumed-I... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29813 • CWE-302: Authentication Bypass by Assumed-Immutable Data

CVE-2025-29827 – Azure Automation Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29827
08 May 2025 — Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29827 • CWE-285: Improper Authorization

CVE-2025-29972 – Azure Storage Resource Provider Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-29972
08 May 2025 — Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network. • https://github.com/ThemeHackers/CVE-2025-29972 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2025-21416 – Azure Virtual Desktop Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21416
30 Apr 2025 — Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21416 • CWE-862: Missing Authorization

CVE-2025-30392 – Azure AI bot Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-30392
30 Apr 2025 — Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. • https://github.com/Totunm/CVE-2025-30392 • CWE-285: Improper Authorization

CVE-2025-30390 – Azure ML Compute Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-30390
30 Apr 2025 — Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390 • CWE-285: Improper Authorization

CVE-2025-33074 – Azure Functions Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-33074
30 Apr 2025 — Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33074 • CWE-347: Improper Verification of Cryptographic Signature

CVE-2025-30389 – Azure Bot Framework SDK Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-30389
30 Apr 2025 — Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30389 • CWE-285: Improper Authorization