CVE-2025-49746
Published: 18 July 2025
Summary
CVE-2025-49746 is a critical-severity Improper Authorization (CWE-285) vulnerability in Microsoft Azure Machine Learning. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 18.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is classified as AI-related (AI category: Other Platforms; risk domain: Not Applicable).
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-49746 is an improper authorization vulnerability, tracked under CWE-285, that affects Azure Machine Learning. The flaw carries a CVSS 3.1 base score of 9.9 and permits an authorized attacker to perform privilege escalation across a network, with impacts spanning confidentiality, integrity, and availability under changed scope.
An attacker who already possesses valid credentials can exploit the weakness remotely without user interaction to elevate privileges and obtain broader control over Azure Machine Learning resources and dependent workloads.
The associated Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49746 provides official guidance and remediation details. Exploitation probability remains low, with an EPSS score that has stayed near 0.015 and shows no material upward movement since disclosure; the issue is directly relevant to machine-learning environments hosted in Azure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21900
Vulnerability details
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
- CWE(s): CWE-285 (Improper Authorization)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Not Applicable
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: machine learning
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper authorization vulnerability enables privilege escalation via exploitation of the Azure Machine Learning service, directly mapping to T1068: Exploitation for Privilege Escalation.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations for logical access, directly preventing the improper authorization that enables privilege escalation in Azure Machine Learning.
- AC-6 (Least Privilege): applies the principle of least privilege so that low-privileged users cannot escalate to high privileges through this vulnerability.
- SI-2 (Flaw Remediation): provides timely flaw remediation through the vendor patches specified in the MSRC update guide for this Azure Machine Learning authorization vulnerability.