CVE-2025-21384

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-21384
CWE	https://cwe.mitre.org/data/definitions/693.html

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Weakness

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://cwe.mitre.org/data/definitions/1.html
https://cwe.mitre.org/data/definitions/107.html
https://cwe.mitre.org/data/definitions/127.html
https://cwe.mitre.org/data/definitions/17.html
https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/237.html
https://cwe.mitre.org/data/definitions/36.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/480.html
https://cwe.mitre.org/data/definitions/51.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/59.html
https://cwe.mitre.org/data/definitions/65.html
https://cwe.mitre.org/data/definitions/668.html
https://cwe.mitre.org/data/definitions/74.html
https://cwe.mitre.org/data/definitions/87.html

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384

Protection Mechanism Failure

Weakness

Related Attack Patterns

References