CVE-2023-35625: Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
mediumvulnerability
security
Summary
CVE-2023-35625 is a vulnerability in Azure Machine Learning Compute Instance that allows unauthorized users to access sensitive information through the SDK (software development kit, a collection of tools for building applications). The vulnerability is classified as an information disclosure issue, meaning private data could be exposed to people who shouldn't see it.
Vulnerability Details
CVSS Score
4.7(medium)
EPSS (30-day exploit probability)
EPSS: 0.7%
Classification
Attack Type
PII Leakage
Attack SophisticationModerate
Impact (CIA+S)
confidentiality
AI Component TargetedInference
Affected Vendors
Microsoft
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-35625
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%