CVE-2025-49747

CVE-2025-49747 is a privilege-escalation vulnerability affecting Microsoft Azure Machine Learning reported as missing authorization. Affected component: Azure Machine Learning (machine learning services platform). Root cause per description: insufficient access control that allows an authorized a...

CVE-2025-49746 Azure Machine Learning Elevation of Privilege Vulnerability

...

CVE-2025-49747 Azure Machine Learning Elevation of Privilege Vulnerability

...

Azure Machine Learning Elevation of Privilege Vulnerability

Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network...

Azure Machine Learning Elevation of Privilege Vulnerability

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network...

Microsoft Azure Machine Learning 安全漏洞

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

PT-2025-30067 · Microsoft · Azure Machine Learning

Name of the Vulnerable Software and Affected Versions: Azure Machine Learning affected versions not specified Description: Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information...

Microsoft Azure Machine Learning 授权问题漏洞

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

PT-2025-30066 · Microsoft · Azure Machine Learning

Name of the Vulnerable Software and Affected Versions: Azure Machine Learning affected versions not specified Description: Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information abou...

PT-2025-30068 · Microsoft · Azure Machine Learning

Name of the Vulnerable Software and Affected Versions: Azure Machine Learning affected versions not specified Description: Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information...

Microsoft Azure Machine Learning 安全漏洞

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

How to Mitigate and Defend against DDoS Attacks in IoT Devices

Distributed Denial of Service DDoS attacks have become increasingly prevalent and dangerous in the context of Internet of Things IoT networks, primarily due to the low-security configurations of many connected devices. This paper analyzes the nature and impact of DDoS attacks such as those launch...

Expanding ML-Documentation Standards for Better Security

This article presents the current state of ML-security and of the documentation of ML-based systems, models and datasets in research and practice based on an extensive review of the existing literature. It shows a generally low awareness of security aspects among ML-practitioners and organization...

DNS Tunneling: Threat Landscape and Improved Detection Solutions

Detecting Domain Name System DNS tunneling is a significant challenge in security due to its capacity to hide harmful actions within DNS traffic that appears to be normal and legitimate. Traditional detection methods are based on rule-based approaches or signature matching methods that are often...

Reporte De Vulnerabilidades En IIoT. Proyecto DEFENDER

The main objective of this technical report is to conduct a comprehensive study on devices operating within Industrial Internet of Things IIoT environments, describing the scenarios that define this category and analysing the vulnerabilities that compromise their security. To this end, the report...

BandFuzz: an ML-Powered Collaborative Fuzzing Framework

Collaborative fuzzing has recently emerged as a technique that combines multiple individual fuzzers and dynamically chooses the appropriate combinations suited for different programs. Unlike individual fuzzers, which rely on specific assumptions to maintain their effectiveness, collaborative...

LLMalMorph: on the Feasibility of Generating Variant Malware Using Large-Language-Models

Large Language Models LLMs have transformed software development and automated code generation. Motivated by these advancements, this paper explores the feasibility of LLMs in modifying malware source code to generate variants. We introduce LLMalMorph, a semi-automated framework that leverages...

Entangled Threats: a Unified Kill Chain Model for Quantum Machine Learning Security

Quantum Machine Learning QML systems inherit vulnerabilities from classical machine learning while introducing new attack surfaces rooted in the physical and algorithmic layers of quantum computing. Despite a growing body of research on individual attack vectors - ranging from adversarial poisoni...

Phishing Detection in the Gen-AI Era: Quantized LLMs Vs Classical Models

Phishing attacks are becoming increasingly sophisticated, underscoring the need for detection systems that strike a balance between high accuracy and computational efficiency. This paper presents a comparative evaluation of traditional Machine Learning ML, Deep Learning DL, and quantized...

IThermTroj: Exploiting Intermittent Thermal Trojans in Multi-Processor System-On-Chips

Thermal Trojan attacks present a pressing concern for the security and reliability of System-on-Chips SoCs, especially in mobile applications. The situation becomes more complicated when such attacks are more evasive and operate sporadically to stay hidden from detection mechanisms. In this paper...