Platform
dotnet
Component
azure-ai-document-intelligence-studio
Fixed version
1.0.03019.1-official-7241c17a
CVE-2025-30387 describes a path traversal vulnerability discovered in Azure AI Document Intelligence Studio. This flaw allows an attacker to potentially bypass access controls and manipulate file paths, leading to privilege escalation. The vulnerability impacts versions 1.0.0 through 1.0.03019.1. A fix is available in version 1.0.03019.1-official-7241c17a.
The path traversal vulnerability in Azure AI Document Intelligence Studio allows an attacker to read or write files outside of the intended directory. This could lead to unauthorized access to sensitive data, including configuration files, credentials, or even system files. Successful exploitation could enable an attacker to gain control over the affected system and potentially move laterally within the network. The CRITICAL CVSS score reflects the high potential for severe impact and ease of exploitation.
CVE-2025-30387 was publicly disclosed on 2025-05-13. No public proof-of-concept exploits are currently known. The EPSS score is likely to be medium, given the severity of the vulnerability and the potential for network impact. Monitor for any signs of exploitation and review Azure security advisories for updates.
Organizations heavily reliant on Azure AI Document Intelligence Studio for document processing and those with complex network configurations are particularly at risk. Environments with weak access controls or legacy configurations are also more vulnerable.
• windows / dotnet: Use PowerShell to check for unusual file access patterns. Event 4663 is only written when object-access auditing is enabled and a SACL is set on the watched directory; narrow the -like pattern to the Studio's document directory.
  Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } |
    Where-Object { $_.Properties[1].Value -ne '' -and $_.Properties[6].Value -like 'C:\*\*\*' } |
    Select-Object TimeCreated, @{n='SubjectUserName';e={$_.Properties[1].Value}}, @{n='ProcessName';e={$_.Properties[11].Value}}, @{n='Path';e={$_.Properties[6].Value}} |
    Format-Table
• linux / server: Monitor system logs (journalctl) for suspicious file access attempts; this only finds what the application itself logs.
  journalctl | grep -i "path traversal" | grep -i "error"
• generic web: Monitor access logs for requests containing unusual path characters (../, \..), including their percent-encoded and double-encoded forms. Check response headers for unexpected file disclosures.
disclosure
Exploit status
EPSS
2.95% (86th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-30387 is to immediately upgrade Azure AI Document Intelligence Studio to version 1.0.03019.1-official-7241c17a or later. If upgrading is not immediately feasible, consider implementing strict input validation and sanitization on all file paths used within the application to prevent malicious path manipulation. Review and restrict file system permissions to minimize the potential impact of a successful attack. After upgrade, confirm the fix by attempting to access files outside the intended directory and verifying access is denied.
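As an added example (not code from this advisory or from Microsoft), the two checks described above in Python: scanning access-log lines for traversal sequences after decoding (including double encoding and backslash variants), and resolving a user-supplied path under a base directory so that anything escaping it is rejected. The log lines, the base directory /srv/docs and the function names are constructed for illustration.

```python
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); the second request
# uses percent-encoded "../", the third is double-encoded, the fourth uses "..\".
SAMPLE_LOG = """\
10.0.0.5 - - [13/May/2025:10:01:02 +0000] "GET /api/documents/report.pdf HTTP/1.1" 200 5120
10.0.0.7 - - [13/May/2025:10:01:09 +0000] "GET /api/documents/..%2F..%2Fappsettings.json HTTP/1.1" 200 812
10.0.0.7 - - [13/May/2025:10:01:15 +0000] "GET /api/documents/%252e%252e/web.config HTTP/1.1" 404 0
10.0.0.9 - - [13/May/2025:10:02:00 +0000] "GET /api/documents/..\\..\\secrets.txt HTTP/1.1" 403 0
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# A ".." segment bounded by separators (or string ends) after normalisation.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')

def normalize(path: str) -> str:
    """Percent-decode until stable (defeats double encoding), then unify separators."""
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    return path.replace("\\", "/")

def find_traversal(log_text: str) -> List[Tuple[str, str, str, int]]:
    """Return (client, method, raw_path, status) for requests whose decoded path walks upward.
    A 2xx status on such a request is the case worth escalating."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and TRAVERSAL_RE.search(normalize(m.group(3))):
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits

def resolve_inside(base_dir: str, user_path: str) -> Optional[str]:
    """Containment check of the kind the mitigation describes: resolve user_path
    under base_dir and return None if the real path escapes base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, normalize(user_path).lstrip("/")))
    return target if os.path.commonpath([base, target]) == base else None

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print("traversal attempt:", hit)
    print(resolve_inside("/srv/docs", "report.pdf"))            # inside base_dir
    print(resolve_inside("/srv/docs", "..%2F..%2Fetc/passwd"))  # None
```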
Update Azure AI Document Intelligence Studio to a version newer than 1.0.03019.1-official-7241c17a. This fixes the privilege escalation vulnerability caused by path traversal. For details and specific steps, refer to the Microsoft advisory.
CVE-2025-30387 is a critical path traversal vulnerability affecting Azure AI Document Intelligence Studio versions 1.0.0–1.0.03019.1, allowing attackers to potentially access files outside the intended directory.
If you are using Azure AI Document Intelligence Studio versions 1.0.0 through 1.0.03019.1, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade to version 1.0.03019.1-official-7241c17a or later to remediate the vulnerability. Implement input validation as a temporary workaround if immediate upgrade is not possible.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Refer to the official Microsoft security advisory for detailed information and updates regarding CVE-2025-30387.