Purview
CVE-2025-21385
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
AnalysisAI
Microsoft Purview contains a server-side request forgery vulnerability that allows an authorized attacker to access internal network resources and disclose sensitive information. The SSRF enables reading internal service responses, accessing cloud metadata endpoints, and potentially pivoting to internal infrastructure.
Technical ContextAI
Microsoft Purview's data scanning and classification features make HTTP requests to configured data sources. An SSRF vulnerability allows an authorized user to redirect these requests to arbitrary internal endpoints. In Azure environments, this includes the instance metadata service (IMDS) at 169.254.169.254, which returns access tokens for Azure resources.
RemediationAI
Apply the Microsoft security update. Implement SSRF protections (URL allowlisting for data sources). Restrict Purview managed identity permissions to minimum required. Monitor Azure activity logs for unusual Purview token usage.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today