CVE-2025-30387
published 2025-05-13CVE-2025-30387: Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.09%
61.1th percentile
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_ai_document_intelligence_studio | >= 1.0.0 < 1.0.03019.1-official-7241c17a | 1.0.03019.1-official-7241c17a |
| msrc | azure_ai_document_intelligence_studio | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is path traversal allowing access to files one directory above the intended file upload path — monitor for directory traversal sequences (e.g., '../') in file upload requests to Document Intelligence Studio On-Prem endpoints. ↗
- →Suspicious activity would include unauthorized read/download of the parent folder of the mounted path — alert on unexpected file access or download attempts targeting the parent directory of the configured mount path. ↗
- ·Remediation requires updating the Document Intelligence Studio On-Prem container image to the latest tag from MCR; user data and settings are not affected by the upgrade. ↗
- ·The vulnerable component is the Azure Document Intelligence Studio On-Prem container image, available at the MCR registry path referenced in the advisory. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
vendor_msrc·2025-05-13·CVSS 9.8
CVE-2025-30387 [CRITICAL] CWE-22 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
Description: Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
FAQ: What actions does a valid user have to take to be protected against this vulnerability?
Update the image to the latest tag. User data and setting will not be affected by upgrading to the latest tag.
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by bypassing authentication/authorization to access files located one directory above the intended file upload path.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exp
GHSA
GHSA-j6rm-rh5c-35fw: Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a n
ghsa_unreviewed·2025-05-13
CVE-2025-30387 [CRITICAL] CWE-22 GHSA-j6rm-rh5c-35fw: Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a n
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
2025-05-13
Published