Platform: dotnet
Component: azure-ai-document-intelligence-studio
Fixed in: 1.0.03019.1-official-7241c17a
CVE-2025-30387 describes a path traversal vulnerability discovered in Azure AI Document Intelligence Studio. This flaw allows an attacker to potentially bypass access controls and manipulate file paths, leading to privilege escalation. The vulnerability impacts versions 1.0.0 through 1.0.03019.1. A fix is available in version 1.0.03019.1-official-7241c17a.
The path traversal vulnerability in Azure AI Document Intelligence Studio allows an attacker to read or write files outside of the intended directory. This could lead to unauthorized access to sensitive data, including configuration files, credentials, or even system files. Successful exploitation could enable an attacker to gain control over the affected system and potentially move laterally within the network. The CRITICAL CVSS score reflects the high potential for severe impact and ease of exploitation.
CVE-2025-30387 was publicly disclosed on 2025-05-13. No public proof-of-concept exploits are currently known. The EPSS score is likely to be medium, given the severity of the vulnerability and the potential for network impact. Monitor for any signs of exploitation and review Azure security advisories for updates.
EPSS: 2.95% (86% percentile)
The primary mitigation for CVE-2025-30387 is to immediately upgrade Azure AI Document Intelligence Studio to version 1.0.03019.1-official-7241c17a or later. If upgrading is not immediately feasible, consider implementing strict input validation and sanitization on all file paths used within the application to prevent malicious path manipulation. Review and restrict file system permissions to minimize the potential impact of a successful attack. After upgrade, confirm the fix by attempting to access files outside the intended directory and verifying access is denied.
Update Azure AI Document Intelligence Studio to a version later than 1.0.03019.1-official-7241c17a. This will address the privilege escalation vulnerability caused by the path traversal. See the Microsoft advisory for more details and specific instructions.
CVE-2025-30387 is a critical path traversal vulnerability affecting Azure AI Document Intelligence Studio versions 1.0.0–1.0.03019.1, allowing attackers to potentially access files outside the intended directory.
If you are using Azure AI Document Intelligence Studio versions 1.0.0 through 1.0.03019.1, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade to version 1.0.03019.1-official-7241c17a or later to remediate the vulnerability. Implement input validation as a temporary workaround if immediate upgrade is not possible.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Refer to the official Microsoft security advisory for detailed information and updates regarding CVE-2025-30387.