Server-Side Request Forgery Vulnerability in Microsoft Purview
CVE-2025-21385

8.8HIGH

Key Information:

Vendor
Microsoft
Vendor
CVE Published:
9 January 2025

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in Microsoft Purview, enabling an authorized attacker to exploit the application to disclose sensitive information over a network. This flaw can allow unauthorized access to internal resources, leading to potential data leakage and compromising the integrity of the system. It is crucial for organizations using Microsoft Purview to implement appropriate security measures and apply updates as they become available to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft Purview Unknown

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

.