Server-Side Request Forgery Vulnerability in Microsoft Azure Health Bot
CVE-2025-21384

8.3HIGH

Key Information:

Vendor
Microsoft
Status
Azure Health Bot
Vendor
CVE Published:
1 April 2025

Summary

An authenticated attacker may exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot, allowing them to manipulate requests and potentially escalate privileges within the network. This type of vulnerability can lead to unauthorized access to sensitive data and resources, posing a serious threat to organizations using this service.

Affected Version(s)

Azure Health Bot Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-21384 : Server-Side Request Forgery Vulnerability in Microsoft Azure Health Bot | SecurityVulnerability.io