CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability

...

CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability

...

CVE-2025-30389

CVE-2025-30389 describes an improper authorization issue in the Azure Bot Framework SDK that allows an unauthenticated, network-based attacker to elevate privileges. The NVD entry lists a CRITICAL impact with CVSSv3.1: AV=N, AC=L, PR=NONE, UI=N, S=U, C=H, I=H, A=H (base score 9.8). Microsoft/Red ...

Azure AI Bot Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...

Azure Bot Framework SDK Elevation of Privilege Vulnerability

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...

Microsoft Azure Bot Framework SDK 授权问题漏洞

The Microsoft Azure Bot Framework SDK is a development framework for building, testing, and deploying enterprise-grade conversational AI bots with support for multi-channel integration and natural language processing from Microsoft USA. An authorization issue vulnerability exists in the Microsoft...

PT-2025-18300

Name of the Vulnerable Software and Affected Versions: Azure Bot Framework SDK affected versions not specified Description: The issue is related to improper authorization in the Azure Bot Framework SDK, allowing an unauthorized attacker to elevate privileges over a network. Recommendations: At th...

PT-2025-18303

Name of the Vulnerable Software and Affected Versions: Azure Bot Framework SDK affected versions not specified Description: The issue is related to improper authorization in the Azure Bot Framework SDK, allowing an unauthorized attacker to elevate privileges over a network. Recommendations: At th...

Microsoft Azure Bot Framework SDK 授权问题漏洞

The Microsoft Azure Bot Framework SDK is a development framework for building, testing, and deploying enterprise-grade conversational AI bots with support for multi-channel integration and natural language processing from Microsoft USA. An authorization issue vulnerability exists in the Microsoft...

CVE-2025-26604

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

CVE-2025-26604

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

CVE-2025-26604

Discord-Bot-Framework-Kernel is affected by CVE-2025-26604 due to an arbitrary user-submitted code execution vulnerability. A malicious module can extract the bot token and, with high privileges, allow the attacker to impersonate the bot or gain near-full control; a blocking module can also be lo...

CVE-2025-26604 Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

CVE-2025-26604 Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

Discord Bot Framework Kernel 信息泄露漏洞

Discord Bot Framework Kernel is a Discord Bot Framework kernel open sourced by Discord Agora. An information disclosure vulnerability exists in the Discord Bot Framework Kernel that stems from not properly handling user-submitted code. An attacker could exploit the vulnerability to extract...

The vulnerability of the Bot Framework SDK, related to improper code generation management, allows a perpetrator to disclose protected information.

The vulnerability of the Bot Framework SDK is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Microsoft Bot Framework SDK Remote Code Execution Vulnerability

The Microsoft Bot Framework SDK is a powerful framework for constructing bots that can handle free-form interactions and more guided conversations.The Microsoft Bot Framework SDK is vulnerable to remote code execution. An attacker could exploit this vulnerability to execute code on the target hos...

CVE-2021-43225

Bot Framework SDK Remote Code Execution Vulnerability...

CVE-2021-43225

Bot Framework SDK Remote Code Execution Vulnerability...

Remote code execution

Bot Framework SDK Remote Code Execution Vulnerability...