CVE-2025-21380 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-21380 PUBLISHED CVSS 8.800000190734863 HIGH

Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.

EPSS 3.46% · 87.4th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

3.46%

87.4th percentile

Affected Products

Vendor	Product	Versions
microsoft	azure_marketplace
microsoft	marketplace_saas	-
Microsoft	Marketplace SaaS	-

Timeline

Dec 11, 2024 CVE ID Reserved
Jan 9, 2025 PoC Published
Jan 9, 2025 CVE Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 10, 2025 EPSS Score
Jan 10, 2025 PoC Published
Jan 14, 2025 PoC Published

References

Azure Marketplace SaaS Resources Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-21380 advisory

Open in Interactive Console →