CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability

...

CVE-2025-30389

CVE-2025-30389 describes an improper authorization issue in the Azure Bot Framework SDK that allows an unauthenticated, network-based attacker to elevate privileges. The NVD entry lists a CRITICAL impact with CVSSv3.1: AV=N, AC=L, PR=NONE, UI=N, S=U, C=H, I=H, A=H (base score 9.8). Microsoft/Red ...

CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability

...

Azure AI Bot Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...

Azure Bot Framework SDK Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...

Microsoft Azure Bot Framework SDK 授权问题漏洞

The Microsoft Azure Bot Framework SDK is a development framework for building, testing, and deploying enterprise-grade conversational AI bots with support for multi-channel integration and natural language processing from Microsoft USA. An authorization issue vulnerability exists in the Microsoft...

Microsoft Azure Bot Framework SDK 授权问题漏洞

The Microsoft Azure Bot Framework SDK is a development framework for building, testing, and deploying enterprise-grade conversational AI bots with support for multi-channel integration and natural language processing from Microsoft USA. An authorization issue vulnerability exists in the Microsoft...

PT-2025-18303

Name of the Vulnerable Software and Affected Versions: Azure Bot Framework SDK affected versions not specified Description: The issue is related to improper authorization in the Azure Bot Framework SDK, allowing an unauthorized attacker to elevate privileges over a network. Recommendations: At th...

PT-2025-18300

Name of the Vulnerable Software and Affected Versions: Azure Bot Framework SDK affected versions not specified Description: The issue is related to improper authorization in the Azure Bot Framework SDK, allowing an unauthorized attacker to elevate privileges over a network. Recommendations: At th...

CVE-2025-26604

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

CVE-2025-26604

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

CVE-2025-26604 Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

CVE-2025-26604 Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

CVE-2025-26604

Discord-Bot-Framework-Kernel is affected by CVE-2025-26604 due to an arbitrary user-submitted code execution vulnerability. A malicious module can extract the bot token and, with high privileges, allow the attacker to impersonate the bot or gain near-full control; a blocking module can also be lo...

Discord Bot Framework Kernel 信息泄露漏洞

Discord Bot Framework Kernel is a Discord Bot Framework kernel open sourced by Discord Agora. An information disclosure vulnerability exists in the Discord Bot Framework Kernel that stems from not properly handling user-submitted code. An attacker could exploit the vulnerability to extract...

The vulnerability of the Bot Framework SDK, related to improper code generation management, allows a perpetrator to disclose protected information.

The vulnerability of the Bot Framework SDK is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Microsoft Bot Framework SDK Remote Code Execution Vulnerability

The Microsoft Bot Framework SDK is a powerful framework for constructing bots that can handle free-form interactions and more guided conversations.The Microsoft Bot Framework SDK is vulnerable to remote code execution. An attacker could exploit this vulnerability to execute code on the target hos...

CVE-2021-43225

Bot Framework SDK Remote Code Execution Vulnerability...

CVE-2021-43225

Bot Framework SDK Remote Code Execution Vulnerability...

Remote code execution

Bot Framework SDK Remote Code Execution Vulnerability...