CVE-2025-21385

HIGH
2025-01-09 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:02 vuln.today
CVE Published
Jan 09, 2025 - 22:15 nvd
HIGH 8.8

Tags

Microsoft SSRF Purview

Description

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

Analysis

Microsoft Purview contains a server-side request forgery vulnerability that allows an authorized attacker to access internal network resources and disclose sensitive information. The SSRF enables reading internal service responses, accessing cloud metadata endpoints, and potentially pivoting to internal infrastructure.

Technical Context

Microsoft Purview's data scanning and classification features make HTTP requests to configured data sources. An SSRF vulnerability allows an authorized user to redirect these requests to arbitrary internal endpoints. In Azure environments, this includes the instance metadata service (IMDS) at 169.254.169.254, which returns access tokens for Azure resources.

Affected Products

['Microsoft Purview']

Remediation

Apply the Microsoft security update. Implement SSRF protections (URL allowlisting for data sources). Restrict Purview managed identity permissions to minimum required. Monitor Azure activity logs for unusual Purview token usage.

Priority Score

92
Low Medium High Critical
KEV: 0
EPSS: +48.3
CVSS: +44
POC: 0

Share

CVE-2025-21385 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy