Platform
dotnet
Component
azure-ai-document-intelligence-studio
Fixed in
1.0.03019.1-official-7241c17a
CVE-2025-30387 describes a path traversal vulnerability discovered in Azure AI Document Intelligence Studio. This flaw allows an attacker to potentially bypass access controls and manipulate file paths, leading to privilege escalation. The vulnerability impacts versions 1.0.0 through 1.0.03019.1. A fix is available in version 1.0.03019.1-official-7241c17a.
The path traversal vulnerability in Azure AI Document Intelligence Studio allows an attacker to read or write files outside of the intended directory. This could lead to unauthorized access to sensitive data, including configuration files, credentials, or even system files. Successful exploitation could enable an attacker to gain control over the affected system and potentially move laterally within the network. The CRITICAL CVSS score reflects the high potential for severe impact and ease of exploitation.
CVE-2025-30387 was publicly disclosed on 2025-05-13. No public proof-of-concept exploits are currently known. The EPSS score is likely to be medium, given the severity of the vulnerability and the potential for network impact. Monitor for any signs of exploitation and review Azure security advisories for updates.
Organizations heavily reliant on Azure AI Document Intelligence Studio for document processing and those with complex network configurations are particularly at risk. Environments with weak access controls or legacy configurations are also more vulnerable.
• windows / dotnet: Use PowerShell to check for unusual file access patterns.
# Event 4663 fields by index: [1] SubjectUserName, [6] ObjectName (file path), [11] ProcessName
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} |
  Where-Object {$_.Properties[1].Value -ne '' -and $_.Properties[6].Value -like 'C:\*\*\*'} |
  Select-Object TimeCreated, @{n='SubjectUserName';e={$_.Properties[1].Value}}, @{n='ProcessName';e={$_.Properties[11].Value}}, @{n='Path';e={$_.Properties[6].Value}} |
  Format-Table
• linux / server: Monitor system logs (journalctl) for suspicious file access attempts.
journalctl | grep -i "path traversal" | grep -i "error"
• generic web: Monitor access logs for requests containing unusual path characters (../, \..). Check response headers for unexpected file disclosures.
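The access-log check in the last bullet, as an added example that is not part of the original advisory or of Microsoft's tooling. It assumes combined-log-format lines; the sample entries, IP addresses and request paths are constructed for illustration and are not the product's real endpoints. It also normalises percent-encoded and double-encoded forms before matching, which goes slightly beyond the literal `../` and `\..` patterns named above.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.4 - - [13/May/2025:10:00:00 +0000] "GET /docs/v1..2/report.pdf HTTP/1.1" 200 1024',
    '203.0.113.7 - - [13/May/2025:10:01:02 +0000] "GET /api/files?name=..%2f..%2fappsettings.json HTTP/1.1" 200 512',
    '203.0.113.7 - - [13/May/2025:10:01:05 +0000] "GET /static/..%5c..%5cweb.config HTTP/1.1" 404 0',
    '203.0.113.9 - - [13/May/2025:10:02:11 +0000] "GET /download/%252e%252e%252fsecrets.txt HTTP/1.1" 403 0',
]

# client ip, ident, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." segment that starts a path component or parameter value and is
# followed by a separator; "v1..2" inside a file name does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/=])\.\.(?:[\\/]|$)')

def fully_decode(target, max_rounds=3):
    """Percent-decode until stable so %2e%2e%2f and %252e%252e%252f become ../"""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_traversal(lines):
    """Return one record per request whose decoded target contains a .. segment."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        decoded = fully_decode(m["target"])
        if TRAVERSAL_RE.search(decoded):
            status = int(m["status"])
            hits.append({
                "ip": m["ip"],
                "status": status,
                "target": m["target"],
                "decoded": decoded,
                # a 2xx answer to a traversal-shaped request is the first to triage
                "served": 200 <= status < 300,
            })
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Records with `served` set to true are the ones to correlate with response size and headers when checking for unexpected file disclosure.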
Exploit Status
EPSS
2.95% (86th percentile)
The primary mitigation for CVE-2025-30387 is to immediately upgrade Azure AI Document Intelligence Studio to version 1.0.03019.1-official-7241c17a or later. If upgrading is not immediately feasible, consider implementing strict input validation and sanitization on all file paths used within the application to prevent malicious path manipulation. Review and restrict file system permissions to minimize the potential impact of a successful attack. After upgrade, confirm the fix by attempting to access files outside the intended directory and verifying access is denied.
Update Azure AI Document Intelligence Studio to a version later than 1.0.03019.1-official-7241c17a. This will resolve the privilege escalation vulnerability caused by the path traversal. Consult the Microsoft advisory for more details and specific instructions.
CVE-2025-30387 is a critical path traversal vulnerability affecting Azure AI Document Intelligence Studio versions 1.0.0–1.0.03019.1, allowing attackers to potentially access files outside the intended directory.
If you are using Azure AI Document Intelligence Studio versions 1.0.0 through 1.0.03019.1, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade to version 1.0.03019.1-official-7241c17a or later to remediate the vulnerability. Implement input validation as a temporary workaround if immediate upgrade is not possible.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Refer to the official Microsoft security advisory for detailed information and updates regarding CVE-2025-30387.