Improper Access Control in Azure Databricks Leads to Unauthorized Privilege Escalation
CVE-2025-53763

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Purview Data Governance
Vendor: CVE Published:; 21 August 2025

What is CVE-2025-53763?

A vulnerability in Azure Databricks has been identified that allows unauthorized attackers to escalate their privileges over the network due to improper access controls. This weakness opens potential pathways for malicious actors to gain elevated permissions, which could lead to unauthorized access to sensitive data or functionality within the platform. Organizations utilizing Azure Databricks should evaluate their security posture and implement necessary mitigations to safeguard against potential exploits related to this vulnerability.

Affected Version(s)

Microsoft Purview Data Governance Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Jul 9, 2025