CVE-2025-49747
Published: 18 July 2025
Summary
CVE-2025-49747 is a critical-severity Missing Authorization (CWE-862) vulnerability in Microsoft Azure Machine Learning. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 28.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires enforcement of approved authorizations for access to system resources in Azure Machine Learning, directly addressing the missing authorization that enables privilege escalation.
Enforces least privilege to limit the scope and impact of privilege escalation from low-privilege accounts exploiting the missing authorization.
Mandates identification, reporting, and correction of flaws like this missing authorization vulnerability through timely patching as per Microsoft's advisory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authorization in Azure Machine Learning enables an authorized attacker to perform privilege escalation over a network via exploitation.
NVD Description
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Deeper analysisAI
CVE-2025-49747 is a missing authorization vulnerability (CWE-862) affecting Azure Machine Learning. Published on 2025-07-18, it enables an authorized attacker to elevate privileges over a network. The issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), classifying it as critical due to its potential for widespread impact.
An attacker requires low privileges (PR:L) to exploit the vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation results in a scope change (S:C) and high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), specifically allowing privilege escalation within the affected Azure Machine Learning environment.
Microsoft's advisory provides mitigation guidance in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49747. Security practitioners should consult this resource for patching and workaround details.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Azure Machine Learning is a cloud-based platform for managing machine learning workflows, including training, deployment, and inference, fitting the 'Other Platforms' category for AI/ML services.