5 matches found
CVE-2025-21385
Microsoft Purview CVE-2025-21385 is a Server-Side Request Forgery (SSRF) vulnerability that could allow an authenticated attacker to disclose information over the network. Public documents in the connected set confirm the vulnerability in Purview with a base CVSS v3 score of 6.5 (NVD) and a highe...
CVE-2025-53762
CVE-2025-53762 — Microsoft Purview Elevation of Privilege . Affected product: Microsoft Purview. Description in sources: a permissive list of allowed inputs can enable an authorized attacker to elevate privileges over a network. The vulnerability is described as a network-exploitable privilege es...
CVE-2025-64676
CVE-2025-64676 concerns Microsoft Purview eDiscovery Remote Code Execution. A flaw in Purview (via the // path) allows an authorized attacker to execute code over the network. Affected software is Microsoft Purview/eDiscovery; the root cause is a path-related/code-execution flaw that can enable t...
CVE-2026-26138
CVE-2026-26138 describes a server-side request forgery (SSRF) in Microsoft Purview that enables an attacker to achieve a network-based privilege elevation. The connected sources confirm the vulnerable product (Microsoft Purview) and the impact (privilege escalation) via SSRF, but do not provide g...
CVE-2026-26139
Microsoft Purview contains a server-side request forgery (SSRF) vulnerability that could allow a network-based attacker to elevate privileges within the target environment. Affected component: Microsoft Purview; root cause: SSRF leading to privilege elevation. Impact per CVSS: Confidentiality Hig...