Threat and Vulnerability Intelligence Database

CVE-2025-30387

Description: Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
May 13th, 2025 (20 days ago)

Zero-day Flaw in Output Messenger Exploited in Espionage Attacks

Description: Microsoft has uncovered a sophisticated cyberespionage campaign by the threat actor Marbled Dust, which exploited a previously unknown vulnerability in the popular messaging platform Output Messenger. The group, believed to be affiliated with Turkey, has used this zero-day exploit (CVE-2025-27920) since April 2024 to gather intelligence on Kurdish military targets in Iraq. According to Microsoft …

CVSS: CRITICAL (9.8)

EPSS Score: 62.5%

Source: CyberInsider
May 12th, 2025 (21 days ago)

CVE-2025-47733

Description: Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network.

CVSS: CRITICAL (9.1)

EPSS Score: 0.13%

Source: CVE
May 8th, 2025 (25 days ago)

CVE-2025-29972

Description: Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

CVSS: CRITICAL (9.9)

EPSS Score: 0.08%

Source: CVE
May 8th, 2025 (25 days ago)

CVE-2025-29827

Description: Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.9)

EPSS Score: 0.09%

Source: CVE
May 8th, 2025 (25 days ago)

CVE-2025-29813

Description: An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.

CVSS: CRITICAL (10.0)

EPSS Score: 0.12%

Source: CVE
May 8th, 2025 (25 days ago)

CVE-2025-30392

Description: Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
April 30th, 2025 (about 1 month ago)

CVE-2025-30390

Description: Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.9)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
April 30th, 2025 (about 1 month ago)

CVE-2025-29814

Description: Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.3)

EPSS Score: 0.15%

SSVC Exploitation: none

Source: CVE
March 21st, 2025 (2 months ago)

CVE-2025-21198

Description: Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

CVSS: CRITICAL (9.0)

EPSS Score: 0.05%

Source: CVE
February 12th, 2025 (4 months ago)