Improper Authorization in Azure Bot Framework SDK Allows Unauthorized Access
CVE-2025-30389
8.7 HIGH
Summary
An improper authorization vulnerability in the Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network, potentially leading to unauthorized access to sensitive data and system functionality. The vulnerability underscores the importance of stringent access controls and robust security measures within the framework.
Affected Version(s)
Azure AI Bot Service: Unknown
References
CVSS V3.1
Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published