VDB

GCVE-110-CLOUD-2025-0054

GCVE-110-CLOUD-2025-0054
Advisory Published
Vulnetix · Advisory published January 8, 2025
Azure Machine Learning notebooks can be hijacked by attackers with Storage Account access to inject malicious code. A now-fixed vulnerability allowed Reader role escalation to code execution. The article details the attack methods, including modifying notebooks, obtaining managed identity tokens, and exfiltrating data. It also introduces a tool for dumping AML workspace credentials.

Affected Products

VendorProductVersionsPlatforms
AzureStorage
AzureMachine Learning
AzureManaged Identity

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›