CVE-2025-30387 describes a path traversal vulnerability discovered in Azure AI Document Intelligence Studio. This flaw allows an attacker to potentially bypass access controls and manipulate file paths, leading to privilege escalation. The vulnerability impacts versions 1.0.0 through 1.0.03019.1. A fix is available in version 1.0.03019.1-official-7241c17a.
The path traversal vulnerability in Azure AI Document Intelligence Studio allows an attacker to read or write files outside of the intended directory. This could lead to unauthorized access to sensitive data, including configuration files, credentials, or even system files. Successful exploitation could enable an attacker to gain control over the affected system and potentially move laterally within the network. The CRITICAL CVSS score reflects the high potential for severe impact and ease of exploitation.
CVE-2025-30387 was publicly disclosed on 2025-05-13. No public proof-of-concept exploits are currently known. The EPSS score is likely to be medium, given the severity of the vulnerability and the potential for network impact. Monitor for any signs of exploitation and review Azure security advisories for updates.
Organizations heavily reliant on Azure AI Document Intelligence Studio for document processing and those with complex network configurations are particularly at risk. Environments with weak access controls or legacy configurations are also more vulnerable.
• windows / dotnet: Use PowerShell to check for unusual file access patterns. Event 4663 is only written when object-access auditing is enabled and a SACL is set on the monitored directory; for that event, SubjectUserName is Properties[1], ObjectName is Properties[6] and ProcessName is Properties[11]. Replace <app-install-dir> with the application's real directory:

    Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} |
      Where-Object { $_.Properties[6].Value -notlike 'C:\<app-install-dir>\*' } |
      Select-Object TimeCreated, @{n='User'; e={$_.Properties[1].Value}}, @{n='Process'; e={$_.Properties[11].Value}}, @{n='Object'; e={$_.Properties[6].Value}} |
      Format-Table -AutoSize

• linux / server: Monitor system logs (journalctl) for suspicious file access attempts; the strings to match depend on what the application itself logs:

    journalctl | grep -i "path traversal" | grep -i "error"

• generic web: Monitor access logs for requests containing unusual path characters (../, \..), including their percent-encoded forms (%2e%2e/, %2e%2e%5c). Check response headers for unexpected file disclosures.
EPSS: 2.95% (86th percentile)
The primary mitigation for CVE-2025-30387 is to immediately upgrade Azure AI Document Intelligence Studio to version 1.0.03019.1-official-7241c17a or later. If upgrading is not immediately feasible, consider implementing strict input validation and sanitization on all file paths used within the application to prevent malicious path manipulation. Review and restrict file system permissions to minimize the potential impact of a successful attack. After upgrade, confirm the fix by attempting to access files outside the intended directory and verifying access is denied.
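The input validation suggested above, and the access-log check from the "generic web" item, as an added example that is not code from the advisory or from Microsoft. It assumes a hypothetical base directory (/files) and constructed log lines; the containment check decodes repeated percent-encoding, treats backslashes as separators and rejects any path that normalizes to a location outside the base directory.

```python
# Added example, not code from the advisory or from Microsoft: a containment check
# for user-supplied file paths, then the same check run over constructed access-log lines.
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

def resolve_within(base_dir: str, user_path: str) -> Optional[str]:
    """Return the normalized absolute path of user_path inside base_dir, or None
    when decoding and normalization show the request would leave base_dir."""
    decoded = user_path
    for _ in range(3):                      # undo double/triple percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:                   # NUL bytes can truncate paths in native APIs
        return None
    decoded = decoded.replace("\\", "/")    # Windows callers may pass backslashes
    base = posixpath.normpath("/" + base_dir.strip("/"))
    joined = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    if joined != base and not joined.startswith(base + "/"):
        return None                         # escaped the directory: reject
    return joined

# Common/combined log format: client, timestamp, request line, status.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def flag_traversal(log_lines: List[str], base_dir: str = "/files") -> List[Tuple[str, str, int]]:
    """Return (client, request target, status) for requests under base_dir whose
    decoded path would escape it; a 2xx status on such a line deserves a closer look."""
    hits: List[Tuple[str, str, int]] = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m["target"].split("?", 1)[0]
        rel = path[len(base_dir):] if path.startswith(base_dir + "/") else path
        if resolve_within(base_dir, rel) is None:
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits

SAMPLE_LOG = [  # constructed sample lines; the clients and paths are invented
    '10.0.0.5 - - [13/May/2025:10:01:02 +0000] "GET /files/report.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - - [13/May/2025:10:01:07 +0000] "GET /files/..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0',
    '10.0.0.9 - - [13/May/2025:10:01:09 +0000] "GET /files/%252e%252e/%252e%252e/web.config HTTP/1.1" 200 812',
    '10.0.0.7 - - [13/May/2025:10:01:11 +0000] "GET /files/..\\..\\win.ini HTTP/1.1" 404 0',
]
```

Running flag_traversal(SAMPLE_LOG) returns the three escaping requests; the one answered with 200 is the line to investigate first.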
Update Azure AI Document Intelligence Studio to version 1.0.03019.1-official-7241c17a or later. This fixes the privilege escalation vulnerability caused by path traversal. See the Microsoft advisory for more details and specific instructions.
CVE-2025-30387 is a critical path traversal vulnerability affecting Azure AI Document Intelligence Studio versions 1.0.0–1.0.03019.1, allowing attackers to potentially access files outside the intended directory.
If you are using Azure AI Document Intelligence Studio versions 1.0.0 through 1.0.03019.1, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade to version 1.0.03019.1-official-7241c17a or later to remediate the vulnerability. Implement input validation as a temporary workaround if immediate upgrade is not possible.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Refer to the official Microsoft security advisory for detailed information and updates regarding CVE-2025-30387.