CVE-2025-30387 — AI Deep Analysis Summary

🚨 **Essence**: Path Traversal in Azure AI Document Intelligence Studio. 📉 **Consequences**: Attackers can traverse directories to access unauthorized files, leading to **Elevation of Privilege**.…

🛡️ **Root Cause**: **CWE-22** (Improper Limitation of a Pathname to a Restricted Directory).…

🏢 **Affected Vendor**: Microsoft. 📦 **Product**: Azure AI Document Intelligence Studio. ⚠️ **Scope**: Specifically impacts the **On-Premises** deployment version.…

💀 **Attacker Actions**: 📂 Access sensitive system files outside the allowed directory. 🔑 **Elevate Privileges**: Gain higher-level access than intended. 📄 Read/Modify critical data.…

⚡ **Exploitation Threshold**: **LOW**. 🌐 **Network**: Remote (AV:N). 🔒 **Auth**: None required (PR:N). 🖱️ **User Interaction**: None (UI:N). 🎯 **Complexity**: Low (AC:L).…

🔍 **Public Exploit**: **No**. The `pocs` field is empty. 📜 **References**: Only a vendor advisory link is provided. Currently, no public Proof-of-Concept (PoC) or wild exploitation code is available in the provided data.

🔎 **Self-Check**: 1. Identify if you run **Azure AI Document Intelligence Studio On-Prem**. 2. Review file access logs for suspicious `../` patterns. 3. Scan for unpatched versions of the specific product component. 4.…

🩹 **Official Fix**: **Yes**. Microsoft has issued an advisory (MSRC). 📅 **Published**: 2025-05-13. 📥 **Action**: Visit the Microsoft Security Response Center (MSRC) update guide to download the official patch or update.

🚧 **No Patch Workaround**: 1. **Isolate**: Restrict network access to the On-Prem instance. 2. **WAF**: Configure Web Application Firewall rules to block directory traversal payloads (`../`). 3.…

🔥 **Urgency**: **CRITICAL**. 🚨 With CVSS **High** impact and **No Auth** required, this is a high-priority fix. 🏃 **Action**: Patch immediately upon availability.…