CVE-2025-21385

Published Jan 9, 2025

Last updated 9 days ago

Overview

Description
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
Source
secure@microsoft.com
NVD status
Received
CNA Tags
exclusively-hosted-service

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-918

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. #exploit 1. CVE-2024-49138: LPE in CLFS.sys (Win11 23H2) - https://t.co/n13JTSDT4v 2. CVE-2024-44243: macOS SIP bypass through kernel extensions - https://t.co/H68UgoO62L 3. CVE-2025-21385: SSRF in MS Purview - https://t.co/WcS5T5Hr3w

    @ksg93rd

    17 Jan 2025

    180 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  2. Pauloxc6/CVE-2025-21385: The SSRF vulnerability in Microsoft Purview https://t.co/pjZlXNplRN

    @yrevichus

    16 Jan 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #securityupdate #microsoft #定例外 2025. 1. 9 Microsoft Purview Information Disclosure Vulnerability CVE-2025-21385 Security Vulnerability リリース日: 2025年1月9日 - マイクロソフト https://t.co/IBl3gqwVGS

    @kawn2020

    11 Jan 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  4. CVE-2025-21385 Server-Side Request Forgery in Microsoft Purview Allows Data Disclosure A Server-Side Request Forgery (SSRF) vulnerability exists in Microsoft Purview. It can let an authorized attacker disclose in... https://t.co/zO5JzPHB8q

    @VulmonFeeds

    10 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. There is a new vulnerability with elevated criticality in Microsoft Purview (CVE-2025-21385) https://t.co/zMWGsauC2v

    @vuldb

    10 Jan 2025

    88 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2025-21385: HIGH] A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.#cybersecurity,#vulnerability https://t.co/uLzNFNtlMA https://t.co/bfAapg51kw

    @CveFindCom

    9 Jan 2025

    59 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes