CVE-2025-21385 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-21385 PUBLISHED CVSS 8.800000190734863 HIGH

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

EPSS 48.32% · 97.7th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

48.32%

97.7th percentile

Affected Products

Vendor	Product	Versions
microsoft	purview
microsoft	office_purview	-
Microsoft	Microsoft Purview	-

Timeline

Dec 11, 2024 CVE ID Reserved
Jan 9, 2025 CVE Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 9, 2025 PoC Published
Jan 10, 2025 EPSS Score
Jan 10, 2025 PoC Published
Jan 10, 2025 PoC Published

References

Microsoft Purview Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-21385 advisory

Open in Interactive Console →