CVE-2025-21415
Published: 29 January 2025
Summary
CVE-2025-21415 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Microsoft Azure AI Face Service. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 11.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under APIs and Models, in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and IA-5 (Authenticator Management).
Deeper analysis
The vulnerability CVE-2025-21415 is an authentication bypass by spoofing that affects the Azure AI Face Service. It is tracked under CWE-290 and carries a CVSS 3.1 base score of 9.9, reflecting a network attack vector, low attack complexity, and low-privileged access that results in high impact to confidentiality, integrity, and availability with a changed scope.
An authorized attacker can exploit the flaw remotely over a network to elevate privileges, allowing unauthorized access and control within the affected Azure AI Face Service component.
Microsoft has published an advisory for CVE-2025-21415 in its update guide that addresses mitigation steps for affected customers.
The issue is relevant to AI/ML deployments because it affects a facial recognition service. Its EPSS score has remained low, with a current value of 0.0374 and a peak of 0.0391.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2474
Vulnerability details
Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.
- CWE(s): CWE-290 (Authentication Bypass by Spoofing)
AI Security Analysis
- AI Category: APIs and Models
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes an authentication bypass vulnerability via spoofing in Azure AI Face Service, enabling an authorized attacker to elevate privileges remotely, which maps to exploitation for privilege escalation (T1068) and exploitation of remote services (T1210).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates this specific authentication bypass flaw by requiring timely identification, reporting, and patching as detailed in Microsoft's update guide for CVE-2025-21415.
- IA-5 (Authenticator Management): Manages authenticators to prevent spoofing and bypass weaknesses in authentication mechanisms like the one exploited in Azure AI Face Service.
- AC-6 (Least Privilege): Enforces least privilege to restrict the scope and impact of privilege elevation by low-privileged attackers exploiting the authentication bypass.