CVE-2025-29972

CRITICAL

Azure Storage Resource Provider - SSRF

Title source: llm

Description

Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network.

Exploits (3)

nomisec WORKING POC 2 stars
by ThemeHackers · poc
https://github.com/ThemeHackers/CVE-2025-29972
nomisec WORKING POC 1 stars
by TH-SecForge · poc
https://github.com/TH-SecForge/CVE-2025-29972
gitlab WORKING POC
by ThemeHackers · poc
https://gitlab.com/ThemeHackers/CVE-2025-29972

References (1)

Scores

CVSS v3 9.9
EPSS 0.0446
EPSS Percentile 88.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-918
Status published

Affected Products (1)

microsoft/azure_storage_resource_provider

Timeline

Published May 08, 2025
Tracked Since Feb 18, 2026