CVE-2025-21385

Published Jan 9, 2025

Last updated a month ago

Overview

Description
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
Source
secure@microsoft.com
NVD status
Received
CNA Tags
exclusively-hosted-service

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-918

Social media

Hype score
Not currently trending
  1. Belangrijke informatie over server-side request forgery kwetsbaarheid in microsoft purview: cve-2025-21385 https://t.co/SMmCXDhzNB #CVE-2025-21385 #Microsoft Purview #SSRF kwetsbaarheid #Cybersecurity #Informatiebeveiliging #Trending #Tech #Nieuws

    @TrendingNewsBot

    25 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Kritieke ssrf kwetsbaarheid in microsoft purview ontdekt: wat u moet weten https://t.co/iPlmGctw1F #CVE-2025-21385 #Microsoft Purview kwetsbaarheid #SSRF-aanval #beveiligingsupdate #cybersecurity #Trending #Tech #Nieuws

    @TrendingNewsBot

    25 Jan 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #exploit 1. CVE-2024-49138: LPE in CLFS.sys (Win11 23H2) - https://t.co/n13JTSDT4v 2. CVE-2024-44243: macOS SIP bypass through kernel extensions - https://t.co/H68UgoO62L 3. CVE-2025-21385: SSRF in MS Purview - https://t.co/WcS5T5Hr3w

    @ksg93rd

    17 Jan 2025

    180 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  4. Pauloxc6/CVE-2025-21385: The SSRF vulnerability in Microsoft Purview https://t.co/pjZlXNplRN

    @yrevichus

    16 Jan 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #securityupdate #microsoft #定例外 2025. 1. 9 Microsoft Purview Information Disclosure Vulnerability CVE-2025-21385 Security Vulnerability リリース日: 2025年1月9日 - マイクロソフト https://t.co/IBl3gqwVGS

    @kawn2020

    11 Jan 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  6. CVE-2025-21385 Server-Side Request Forgery in Microsoft Purview Allows Data Disclosure A Server-Side Request Forgery (SSRF) vulnerability exists in Microsoft Purview. It can let an authorized attacker disclose in... https://t.co/zO5JzPHB8q

    @VulmonFeeds

    10 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. There is a new vulnerability with elevated criticality in Microsoft Purview (CVE-2025-21385) https://t.co/zMWGsauC2v

    @vuldb

    10 Jan 2025

    88 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. [CVE-2025-21385: HIGH] A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.#cybersecurity,#vulnerability https://t.co/uLzNFNtlMA https://t.co/bfAapg51kw

    @CveFindCom

    9 Jan 2025

    59 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes