Bot Framework Software Development Kit
CVE-2021-1725
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 4 npm packages depend on botframework-connector (2 direct, 2 indirect)
Ecosystem-wide dependent count for version 4.7.0.
DescriptionCVE.org
Bot Framework SDK Information Disclosure Vulnerability
AnalysisAI
Bot Framework SDK Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Affected products include: Microsoft Bot Framework Software Development Kit.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
Same weakness CWE-287 – Improper Authentication
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today