CVE-2025-29972

Medienbericht

EPSS 5.73%
Veröffentlicht 08.05.2025 22:17:24
Zuletzt bearbeitet 13.02.2026 20:17:11
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Azure Storage Resource Provider Spoofing Vulnerability

Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Azure Storage Resource Provider Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.73%	0.905

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.heise.de/news/Patchday-Angreifer-attackieren-Windows-ueber-fuenf-Sicherheitsluecken-10382712.html

Media Report

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29972

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-29972

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-29972

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-29972

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-29972