CVE-2025-21415 — Vulnetix

CVE-2025-21415 PUBLISHED CVSS 9.899999618530273 CRITICAL

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

EPSS 3.74% · 88.2th percentile

Risk Scores

CVSS v3.1

9.899999618530273

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

3.74%

88.2th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Azure AI Face Service	-
microsoft	azure_ai_face_service	-

Timeline

Jan 14, 2025 CVE Published
Jan 29, 2025 PoC Published
Jan 29, 2025 PoC Published
Jan 30, 2025 EPSS Score
Jan 30, 2025 PoC Published
Jan 30, 2025 PoC Published
Jan 30, 2025 PoC Published
Jan 30, 2025 PoC Published
Jan 30, 2025 PoC Published
Jan 30, 2025 PoC Published
Jan 31, 2025 Coalition ESS Score
Feb 4, 2025 PoC Published

References

Azure AI Face Service Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-21415 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›