On Prem Data Gateway CVE-2025-21403

MEDIUM
Incorrect Authorization (CWE-863)
2025-01-14 [email protected]
Authentication Bypass Information Disclosure On Prem Data Gateway
6.4
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:03 vuln.today
Patch released
Mar 28, 2026 - 18:03 nvd
Patch available
CVE Published
Jan 14, 2025 - 18:16 nvd
MEDIUM 6.4

DescriptionNVD

On-Premises Data Gateway Information Disclosure Vulnerability

AnalysisAI

On-Premises Data Gateway Information Disclosure Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. On-Premises Data Gateway Information Disclosure Vulnerability Affected products include: Microsoft On-Prem Data Gateway.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

Share

CVE-2025-21403 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy