Microsoft Azure Cognitive Service for Language Custom Question Answering Elevation of Privilege Vulnerability

Vulnerability

A vulnerability allowing elevation of privilege has been identified in the Custom Question Answering feature of Microsoft Azure Cognitive Service for Language. This vulnerability arises from a server-side request forgery (SSRF) weakness, which could potentially be exploited to gain unauthorized privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized elevation of privileges, allowing a user to gain access to resources or functionalities that are normally restricted.

Added: Dec 18, 2025, 10:25 PM

Updated: Dec 18, 2025, 10:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Azure Cognitive Service for Language Custom Question Answering Elevation of Privilege Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating