VDB

GCVE-110-CLOUD-2025-0046

GCVE-110-CLOUD-2025-0046
Advisory Published
Vulnetix · Advisory published February 26, 2025
Azure Key Vault enforces a separation between the Control Plane (management) and Data Plane (secrets access). However, a flaw in this isolation allows unauthorized users to enumerate secrets and keys within a vault. By having Reader access or lesser privileges on a Key Vault, an attacker could leverage Azure Resource Explorer to access metadata about stored secrets. This is due to unintended exposure through the Control Plane, which should not provide insight into Data Plane resources. The root cause of this issue is insufficient isolation between the two planes, where metadata retrieval is permitted even when direct access to secrets is restricted. This allows attackers to gain information about sensitive assets without full permissions.

Affected Products

VendorProductVersionsPlatforms
AzureKey Vault

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›