Platform
dotnet
Component
microsoft-purview
CVE-2025-21385 describes a Server-Side Request Forgery (SSRF) vulnerability affecting Microsoft Purview. This vulnerability allows an authenticated attacker to disclose sensitive information by manipulating the application to make requests to unintended internal or external resources. The vulnerability impacts versions of Microsoft Purview less than or equal to the affected version (≤-). A fix is expected to be released by Microsoft.
The SSRF vulnerability in Microsoft Purview allows an attacker who has authenticated access to the system to craft malicious requests that the application will execute on the server's behalf. This can lead to the disclosure of sensitive internal resources, such as configuration files, database credentials, or internal APIs. An attacker could potentially scan internal networks for open ports and services, or even interact with internal systems that are not directly exposed to the internet. The blast radius extends to any internal resources accessible from the Purview server, potentially compromising sensitive data and impacting internal operations. While not directly exploitable for remote code execution, the information gained through SSRF can be a stepping stone for further attacks.
CVE-2025-21385 was publicly disclosed on 2025-01-09. The EPSS score is pending evaluation. There are currently no publicly available proof-of-concept exploits. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
48.32% (98% percentile)
CISA SSVC
CVSS Vector
Until a patch is available, several mitigation strategies can be employed. First, restrict the network access of the Microsoft Purview server to only the necessary resources. Implement strict input validation to prevent attackers from manipulating the application's requests. Consider using a Web Application Firewall (WAF) to filter out malicious requests and block SSRF attempts. Regularly review and update firewall rules to reflect the current threat landscape. Implement network segmentation to isolate sensitive internal resources. Monitor network traffic for unusual outbound requests originating from the Purview server.
Update Microsoft Purview to the latest available version. This will mitigate the SSRF vulnerability and prevent unauthorized information disclosure over the network.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-21385 is a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview that allows an attacker to disclose information over a network.
You are affected if you are using Microsoft Purview versions less than or equal to the affected version (≤-). Check Microsoft's advisory for specific affected versions.
Upgrade to a patched version of Microsoft Purview when available. Until then, implement mitigation strategies like restricting network access and validating user input.
Currently, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official Microsoft Security Update Guide for CVE-2025-21385 when it is published.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your packages.lock.json file and we'll tell you instantly if you're affected.