CVE-2025-21385 — Vulnetix

CVE-2025-21385 PUBLISHED CVSS 8.800000190734863 HIGH

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

EPSS 52.78% · 98.0th percentile

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

52.78%

98.0th percentile

Affected Products

Vendor	Product	Versions
microsoft	purview
microsoft	office_purview	-
Microsoft	Microsoft Purview	-

Exploit Intelligence

The SSRF vulnerability in Microsoft Purview (github-poc)
The SSRF vulnerability in Microsoft Purview (github-poc)
The SSRF vulnerability in Microsoft Purview (github-poc)
The SSRF vulnerability in Microsoft Purview (github-poc)
The SSRF vulnerability in Microsoft Purview (github-poc)
The SSRF vulnerability in Microsoft Purview (github-poc)
The SSRF vulnerability in Microsoft Purview (github-poc)
https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
CIRCL seen: CVE-2025-21385 (circl-sighting)
CIRCL seen: CVE-2025-21385 (circl-sighting)

…and 11 more exploits

Timeline

Jan 9, 2025 CVE Updated
Jan 9, 2025 CVE Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 10, 2025 EPSS Score
Jan 10, 2025 PoC Published
Jan 10, 2025 PoC Published

References

Microsoft Purview Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-21385 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›