AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-49746: Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

criticalvulnerability

security

Source: NVD/CVE DatabaseJuly 18, 2025CVE-2025-49746

Summary

CVE-2025-49746 is a vulnerability in Azure Machine Learning where improper authorization (CWE-285, a flaw in how the system checks who is allowed to do what) allows someone who already has legitimate access to gain higher-level privileges over a network. This is categorized as a privilege escalation attack, where an authorized user exploits a weakness to gain permissions they shouldn't normally have.

Vulnerability Details

CVSS Score

9.9(critical)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-285

Affected Vendors

Microsoft

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 85%