CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-30390

CVSS 9.9v3.1pub. 2025-04-30upd. 2025-05-12

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

🤖 AI Analysis
How it works

The flaw consists of improper authorization (CWE-285) in the Microsoft Azure Machine Learning service. An authenticated attacker with only basic network privileges is able to bypass access control mechanisms and obtain a higher level of privileges than they are entitled to. The attack does not require user interaction or complex prerequisites, and its scope extends beyond the originally compromised context (Scope: Changed).

Impact

An attacker can obtain elevated privileges in the Azure Machine Learning environment, which may lead to a complete breach of confidentiality, integrity, and availability of processed data and computing resources.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Detailed information about updates is available in the Microsoft Security Response Center at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390

Who is affected

Microsoft Azure Machine Learning — versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Azure Machine Learning

    APP
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-49746CRITICAL9.9PL ✓ten sam produkt

Privilege escalation w Azure Machine Learning przez błąd autoryzacji

CVE-2025-49747CRITICAL9.9PL ✓ten sam produkt

Brak autoryzacji w Azure Machine Learning umożliwia privilege escalation

CVE-2026-33833HIGH8.2ten sam produkt

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Ma...

CVE-2026-32207HIGH8.8ten sam produkt

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning...

CVE-2025-47995MEDIUM6.5ten sam produkt

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a netwo...