{"data":{"id":"4e2759cf-7755-427d-a7c2-e3bf759276c1","title":"CVE-2025-49747: Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.","summary":"CVE-2025-49747 is a missing authorization vulnerability (a flaw where a system fails to properly check if a user has permission to perform an action) in Azure Machine Learning that allows someone who already has some access to the system to gain elevated privileges, or higher levels of access, over a network.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-49747","publishedAt":"2025-07-18T17:15:43.503Z","cveId":"CVE-2025-49747","cweIds":["CWE-862"],"cvssScore":"9.9","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Azure Machine Learning","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00126,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}