March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Actively Exploited Flaw in Ivanti Impacts Connect Secure and Policy Secure
January 10, 2025Patchwork APT Group – Active IOCs
January 10, 2025Actively Exploited Flaw in Ivanti Impacts Connect Secure and Policy Secure
January 10, 2025Patchwork APT Group – Active IOCs
January 10, 2025
Severity
High
Analysis Summary
CVE-2025-21380 CVSS:8.8
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
CVE-2025-21385 CVSS:8.8
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-21380
- CVE-2025-21385
Affected Vendors
Microsoft
Affected Products
- Microsoft Marketplace SaaS
- Microsoft Purview
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.