CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-49747

CVSS 9.9v3.1pub. 2025-07-18upd. 2025-08-14

Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

🤖 AI Analysis
How it works

An attacker with basic privileges in the Azure Machine Learning environment can exploit the lack of proper authorization verification to perform operations requiring higher privileges. The vulnerability can be exploited remotely over the network without requiring user interaction and with low attack complexity. The changed scope (Scope: Changed) suggests that the impact may extend beyond the directly exposed component.

Impact

An attacker can obtain unauthorized privilege escalation, leading to complete compromise of confidentiality, integrity, and availability of resources — potentially including resources beyond the original scope of access.

Mitigation & patch

Apply patches available from the vendor according to references at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49747

Who is affected

Microsoft Azure Machine Learning — versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Azure Machine Learning

    APP
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-49746CRITICAL9.9PL ✓ten sam produkt

Privilege escalation w Azure Machine Learning przez błąd autoryzacji

CVE-2025-30390CRITICAL9.9PL ✓ten sam produkt

Nieprawidłowa autoryzacja w Azure Machine Learning — privilege escalation

CVE-2026-33833HIGH8.2ten sam produkt

Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Ma...

CVE-2026-32207HIGH8.8ten sam produkt

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning...

CVE-2025-47995MEDIUM6.5ten sam produkt

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a netwo...