CVE-2025-21385

HIGH

Microsoft Purview - Server-Side Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-21385. PoCs published by Pauloxc6.

AI-analyzed exploit summary This repository contains a bash script that exploits an SSRF vulnerability in Microsoft Purview by sending a crafted JSON payload to a target URL via a POST request. The script checks for successful exploitation based on the HTTP response code.

Description

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

Exploits (1)

nomisec WORKING POC 2 stars

by Pauloxc6 · poc

https://github.com/Pauloxc6/CVE-2025-21385

View Code ZIP pw:eip

This repository contains a bash script that exploits an SSRF vulnerability in Microsoft Purview by sending a crafted JSON payload to a target URL via a POST request. The script checks for successful exploitation based on the HTTP response code.

Classification

Working Poc 90%

Attack Type

Ssrf

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Purview

No auth needed

Prerequisites: bash · jq · curl · target URL · Purview URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21385

Scores

CVSS v3 8.8

EPSS 0.2444

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-918

Status published

Products (2)

Microsoft/Microsoft Purview -

microsoft/purview

Published Jan 09, 2025

Tracked Since Feb 18, 2026