Plattform
dotnet
Komponente
microsoft-purview
CVE-2025-21385 describes a Server-Side Request Forgery (SSRF) vulnerability affecting Microsoft Purview. This vulnerability allows an authenticated attacker to disclose sensitive information by manipulating the application to make requests to unintended internal or external resources. The vulnerability impacts versions of Microsoft Purview less than or equal to the affected version (≤-). A fix is expected to be released by Microsoft.
The SSRF vulnerability in Microsoft Purview allows an attacker who has authenticated access to the system to craft malicious requests that the application will execute on the server's behalf. This can lead to the disclosure of sensitive internal resources, such as configuration files, database credentials, or internal APIs. An attacker could potentially scan internal networks for open ports and services, or even interact with internal systems that are not directly exposed to the internet. The blast radius extends to any internal resources accessible from the Purview server, potentially compromising sensitive data and impacting internal operations. While not directly exploitable for remote code execution, the information gained through SSRF can be a stepping stone for further attacks.
CVE-2025-21385 was publicly disclosed on 2025-01-09. The EPSS score is pending evaluation. There are currently no publicly available proof-of-concept exploits. This vulnerability is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Microsoft Purview for data governance and compliance are at risk. Specifically, deployments with less stringent network security controls or those using older, unpatched versions of Purview are more vulnerable. Shared hosting environments where multiple tenants share the same infrastructure could also be affected if proper isolation measures are not in place.
• dotnet / server:
Get-Process -Name "Microsoft.Purview.Service" | Select-Object ProcessId, CPU, WorkingSet• generic web:
curl -I <purview_endpoint> | grep -i 'Server'disclosure
Exploit-Status
EPSS
48.32% (98% Perzentil)
CISA SSVC
CVSS-Vektor
Until a patch is available, several mitigation strategies can be employed. First, restrict the network access of the Microsoft Purview server to only the necessary resources. Implement strict input validation to prevent attackers from manipulating the application's requests. Consider using a Web Application Firewall (WAF) to filter out malicious requests and block SSRF attempts. Regularly review and update firewall rules to reflect the current threat landscape. Implement network segmentation to isolate sensitive internal resources. Monitor network traffic for unusual outbound requests originating from the Purview server.
Aktualisieren Sie Microsoft Purview auf die neueste verfügbare Version. Dies mildert die SSRF-Schwachstelle und verhindert die unbefugte Preisgabe von Informationen über das Netzwerk.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-21385 is a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview that allows an attacker to disclose information over a network.
You are affected if you are using Microsoft Purview versions less than or equal to the affected version (≤-). Check Microsoft's advisory for specific affected versions.
Upgrade to a patched version of Microsoft Purview when available. Until then, implement mitigation strategies like restricting network access and validating user input.
Currently, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official Microsoft Security Update Guide for CVE-2025-21385 when it is published.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine packages.lock.json-Datei hoch und wir sagen dir sofort, ob du betroffen bist.