VDB

GCVE-110-NCSC-2025-249

GCVE-110-NCSC-2025-249
Advisory PublishedCVSS 7.9/10
Vulnetix · Advisory published August 13, 2025
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Weaknesses (CWE)

CWE-284Improper Access ControlCWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-918Server-Side Request Forgery (SSRF)CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-285Improper AuthorizationCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Risk Scores

CVSS 3.1
7.9/10
High · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:microsoft/102.10.2.11
Microsoftvers:unknown/>=19.0|<19.1.0.0
Microsoftvers:unknown/>=1.0.0|<18.0.0.0
Microsoftvers:unknown/>=18.0|<18.0.0.0
Microsoftvers:unknown/>=21.0|<21.2.0.0
Microsoftvers:microsoft/1.2406.1.23
Microsoftvers:microsoft/unknown
Microsoftvers:unknown/>=20.0|<20.0.0.0
Microsoftvers:microsoft/1.2408.1.50
Microsoftvers:unknown/1.0.0|<18.3.0.0
Microsoftvers:microsoft/1.2501.1.47
Microsoftvers:unknown/open ai
Microsoftvers:unknown/>=1.0.0|<102.10.2.11
Microsoftvers:unknown/>=1.0.0|<18.3.0.0
Microsoftvers:unknown/n/a
Microsoftvers:unknown/1.0.0|<102.10.2.11
Microsoftvers:unknown/portal

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›