AI description
CVE-2025-21415 is an authentication bypass vulnerability due to spoofing, affecting Microsoft's Azure AI Face Service. An attacker who already has authorization could exploit this flaw to gain elevated privileges on the network. Microsoft has acknowledged the existence of proof-of-concept exploit code for this vulnerability. While the specific details of the vulnerability have not been publicly disclosed, it involves a discrepancy in how the Azure AI Face service analyzes and processes images. Microsoft has addressed the vulnerability without requiring any action from customers. The fix was deployed, and the vulnerability mitigated by February 4, 2025.
- Description: Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.
- Source: secure@microsoft.com
- NVD status: Received
- CNA Tags: exclusively-hosted-service
CVSS 3.1
- Type: Primary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- secure@microsoft.com: CWE-290
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 6
Microsoft patched critical vulnerabilities in Azure AI Face Service and Microsoft Account: CVE-2025-21415 allows authentication bypass, while CVE-2025-21396 has authorization flaws. No exploitation evidence found. #CyberSecurity #MFA Sources: thehackernews, cybersecuritynews 🐱…
@CuriousCats_US
4 Feb 2025
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google and Microsoft fix critical vulnerabilities in Android and Azure AI Cybersecurity, security updates, AI, Android, azure, CVE-2024-53104, CVE-2025-21415, Face Service, Google, Microsoft Account, patch, vulnerabilities https://t.co/cBmqDATSPC https://t.co/1noSCK
@matricedigitale
4 Feb 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
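Microsoft has disclosed vulnerabilities in Microsoft Account and Azure AI Face Service Elevation. The former is CVE-2025-21396 with a CVSS score of 7.5, and the latter is CVE-2025-21415 with a CVSS score of 9.9; both are privilege escalation. For the latter, the existence of a PoC (proof-of-concept attack code) has been confirmed. Both have been fully mitigated. https://t.co/6hEQoficU5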
@__kokumoto
4 Feb 2025
771 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft has issued critical patches for two major security flaws in Azure AI Face Service and Microsoft Account. While patched, CVE-2025-21415 had a public exploit. Learn more: https://t.co/XKeTUGaR9s
@TheHackersNews
4 Feb 2025
15273 Impressions
57 Retweets
122 Likes
25 Bookmarks
2 Replies
1 Quote
#securityupdate #microsoft #OutOfBand 2025. 1.29 Azure AI Face Service Elevation of Privilege Vulnerability CVE-2025-21415 Security Vulnerability Release date: January 29, 2025 - Microsoft https://t.co/3klPt8jIbS
@kawn2020
30 Jan 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
Critical Elevation of Privilege vulnerability has been discovered in #Microsoft Azure AI Face Service. This vulnerability has been mitigated by Microsoft. #CVE-2025-21415 https://t.co/lgWGrmw337
@NCIIPC
30 Jan 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A high-severity authentication bypass vulnerability in Microsoft's Azure AI Face Service has been seen in CVE-2025-21415. Microsoft’s official patch has been released as well. https://t.co/GAnvXreMGz
@GrimmAnalyst
30 Jan 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-21415: CRITICAL] Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. #cybersecurity, #vulnerability https://t.co/d1tve5kSHg https://t.co/1t2x5wUYHX
@CveFindCom
29 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes