CVE-2025-49747: Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Summary
CVE-2025-49747 is a missing authorization vulnerability (a flaw where a system fails to properly check if a user has permission to perform an action) in Azure Machine Learning that allows someone who already has some access to the system to gain elevated privileges, or higher levels of access, over a network.
Vulnerability Details
9.9(critical)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-49747
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%