Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-21380 CVSS:8.8

Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.

CVE-2025-21385 CVSS:8.8

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

Impact

Information Disclosure

Indicators of Compromise

CVE

CVE-2025-21380
CVE-2025-21385

Affected Vendors

Microsoft

Affected Products

Microsoft Marketplace SaaS
Microsoft Purview

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-21380

CVE-2025-21385

Actively Exploited Flaw in Ivanti Impacts Connect Secure and Policy Secure

Patchwork APT Group – Active IOCs

Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan