Privilege Elevation Vulnerability in Azure Machine Learning by Microsoft
CVE-2025-49747

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Machine Learning
Vendor: CVE Published:; 18 July 2025

What is CVE-2025-49747?

A vulnerability in Azure Machine Learning exists due to missing authorization checks, which allows an attacker with network access to gain elevated privileges. This could lead to unauthorized manipulation of machine learning models and sensitive data, thereby compromising the security and integrity of the application. Proper access controls and security measures are essential to mitigate this risk and protect sensitive information.

Affected Version(s)

Azure Machine Learning Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2025
Vulnerability Reserved
Jun 9, 2025