Cyber Resilience

CVE-2025-21415

Severity: Critical
Published: 29 January 2025
Modified: 07 February 2025
KEV Added: not listed
Patch: see Microsoft's update guide
CVSS Score v3.1: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0374 (88.3rd percentile)
Risk Priority: 22 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21415 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Microsoft Azure AI Face Service. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 11.7% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as APIs and Models, in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and IA-5 (Authenticator Management).

Deeper analysis

The vulnerability CVE-2025-21415 is an authentication bypass by spoofing that affects the Azure AI Face Service. It is tracked under CWE-290 and carries a CVSS 3.1 base score of 9.9, reflecting a network attack vector, low attack complexity, low-privileged access and no user interaction, with high impact on confidentiality, integrity and availability in a changed scope.

An authorized attacker can exploit the flaw remotely over a network to elevate privileges, allowing unauthorized access and control within the affected Azure AI Face Service component.

Microsoft has published an advisory for CVE-2025-21415 in its update guide that addresses mitigation steps for affected customers.

The issue is relevant to AI/ML deployments because it impacts a facial recognition service; its EPSS score has remained low, with a current value of 0.0374 and a peak of 0.0391.


Vulnerability details

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

CWE(s)

CWE-290 Authentication Bypass by Spoofing

AI Security Analysis

AI Category: APIs and Models
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services (tactic: Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The CVE describes an authentication bypass vulnerability via spoofing in Azure AI Face Service, enabling an authorized attacker to elevate privileges remotely, which maps to exploitation for privilege escalation (T1068) and exploitation of remote services (T1210).

CVEs Like This One

CVE-2026-23669 (same vendor: Microsoft)
CVE-2025-21198 (same vendor: Microsoft)
CVE-2026-21262 (same vendor: Microsoft)
CVE-2026-25173 (same vendor: Microsoft)
CVE-2025-62550 (same vendor: Microsoft)
CVE-2025-62456 (same vendor: Microsoft)
CVE-2026-32161 (same vendor: Microsoft)
CVE-2026-34332 (same vendor: Microsoft)
CVE-2026-33826 (same vendor: Microsoft)
CVE-2026-20854 (same vendor: Microsoft)

Affected Assets

Vendor: Microsoft
Product: Azure AI Face Service
Versions: all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mitigates this specific authentication bypass flaw by requiring timely identification, reporting, and patching as detailed in Microsoft's update guide for CVE-2025-21415.

IA-5 (Authenticator Management), prevent: Manages authenticators to prevent spoofing and bypass vulnerabilities in authentication mechanisms like those exploited in Azure AI Face Service.

AC-6 (Least Privilege), prevent: Enforces least privilege to restrict the scope and impact of privilege elevation by low-privilege attackers exploiting the authentication bypass.
