Improper Authorization in Azure Bot Framework SDK Allows Unauthorized Access
CVE-2025-30389

8.7HIGH

Key Information:

Vendor: Microsoft
Status: Azure Ai Bot Service
Vendor: CVE Published:; 30 April 2025

What is CVE-2025-30389?

An improper authorization vulnerability in the Azure Bot Framework SDK facilitates unauthorized attackers to elevate their privileges over a network, potentially leading to unauthorized access to sensitive data and system functionalities. This vulnerability underscores the importance of stringent access controls and the need for robust security measures within the framework.

Affected Version(s)

Azure AI Bot Service Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025

Microsoft

What is CVE-2025-30389?

Affected Version(s)

References

CVSS V3.1

Timeline