Server-Side Request Forgery Vulnerability in Microsoft Purview
CVE-2025-21385
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 9 January 2025
Badges
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in Microsoft Purview, enabling an authorized attacker to exploit the application to disclose sensitive information over a network. This flaw can allow unauthorized access to internal resources, leading to potential data leakage and compromising the integrity of the system. It is crucial for organizations using Microsoft Purview to implement appropriate security measures and apply updates as they become available to mitigate the risks associated with this vulnerability.
Affected Version(s)
Microsoft Purview Unknown
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published