VDB
GCVE-110-CLOUD-2025-0027
GCVE-110-CLOUD-2025-0027
Advisory Published
Azure Machine Learning notebooks can be hijacked by attackers with Storage Account access to inject malicious code. A now-fixed vulnerability allowed Reader role escalation to code execution. The article details the attack methods, including modifying notebooks, obtaining managed identity tokens, and exfiltrating data. It also introduces a tool for dumping AML workspace credentials.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Cloud Services | — | — |
| Azure | Azure Machine Learning, Azure Storage | — | — |
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.