VDB

GCVE-110-CLOUD-2025-0027

GCVE-110-CLOUD-2025-0027
Advisory Published
Vulnetix · Advisory published January 8, 2025
Azure Machine Learning notebooks can be hijacked by attackers with Storage Account access to inject malicious code. A now-fixed vulnerability allowed Reader role escalation to code execution. The article details the attack methods, including modifying notebooks, obtaining managed identity tokens, and exfiltrating data. It also introduces a tool for dumping AML workspace credentials.

Affected Products

VendorProductVersionsPlatforms
AzureCloud Services
AzureAzure Machine Learning, Azure Storage

References

advisory

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›