Improper Authorization in Azure Leading to Privilege Escalation
CVE-2025-30390

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Machine Learning
Vendor: CVE Published:; 30 April 2025

What is CVE-2025-30390?

A vulnerability in Azure permits an attacker to exploit improper authorization controls, enabling them to gain elevated privileges over the network. This flaw potentially allows unauthorized users to access sensitive resources, thereby compromising the integrity and confidentiality of the system.

Affected Version(s)

Azure Machine Learning Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025

Microsoft

What is CVE-2025-30390?

Affected Version(s)

References

CVSS V3.1

Timeline