CVE-2025-21380
Published: 09 January 2025
Summary
CVE-2025-21380 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Azure Marketplace. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 10.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-21380 is an improper access control vulnerability, tracked under CWE-284, that affects Azure SaaS Resources. The flaw received a CVSS 3.1 base score of 8.8 and permits an authorized attacker to interact with the component across a network.
An attacker who already possesses low-privileged credentials can exploit the issue remotely without user interaction, resulting in high impact to confidentiality, integrity, and availability of the affected Azure SaaS Resources.
Microsoft’s Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21380 supplies the official guidance on mitigation and patching.
The CVE's EPSS score rose from a low baseline to a peak of 0.1063 on 2026-02-03 before receding to its current value of 0.0466, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2443
Vulnerability details
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
- CWE(s): CWE-284 (Improper Access Control)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper access control in Azure SaaS enables remote exploitation from low-priv accounts (T1190) to achieve privilege escalation effects (T1068) and unauthorized data access (T1530).
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces approved authorizations, mitigating the improper access control that allows low-privilege attackers to disclose sensitive information in Azure SaaS Resources.
- AC-6 (Least Privilege): applies least privilege to restrict low-privilege (PR:L) users from accessing or disclosing unauthorized information over the network.
- Timely patching: remediates the specific improper access control flaw as detailed in the Microsoft advisory, preventing exploitation.