Microsoft Azure Health Bot Server-Side Request Forgery Vulnerability Allowing Privilege Elevation

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Microsoft Azure Health Bot. This vulnerability allows an authenticated attacker to elevate privileges over a network. The issue has been fully mitigated by Microsoft, and no action is required from users of this service.

Impact

Exploitation of this vulnerability allows for unauthorized privilege elevation within the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.