Severity
High
Analysis Summary
CVE-2025-47995 CVSS:6.5
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-49746 CVSS:9.9
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-47158 CVSS:9
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-49747 CVSS:9.9
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-47995
CVE-2025-49746
CVE-2025-47158
CVE-2025-49747
Affected Vendors
- Microsoft
Affected Products
- Microsoft Azure Machine Learning
- Microsoft Azure DevOps
Remediation
Refer to Microsoft Website for patch, upgrade, or suggested workaround information.