Server-Side Request Forgery Vulnerability in Microsoft Azure Health Bot
CVE-2025-21384

8.3HIGH

Key Information:

Vendor: Microsoft
Status: Azure Health Bot
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-21384?

An authenticated attacker may exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot, allowing them to manipulate requests and potentially escalate privileges within the network. This type of vulnerability can lead to unauthorized access to sensitive data and resources, posing a serious threat to organizations using this service.

Affected Version(s)

Azure Health Bot Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Dec 11, 2024