CVE-2025-30387: Critical Path Traversal in Azure AI Document Intelligence Studio

Overview

CVE-2025-30387 is a critical vulnerability affecting Microsoft Azure AI Document Intelligence Studio (on-premises). Discovered in versions from 1.0.0 up to (but not including) 1.0.03019.1-official-7241c17a, this flaw allows unauthorized attackers to escalate privileges remotely by exploiting a path traversal weakness.

What is Path Traversal?

Path Traversal, categorized under CWE-22, occurs when attackers manipulate file paths in input fields to access files or directories outside the intended scope. This can result in unauthorized access to system files, configuration data, or in this case, elevation of privilege within the affected application.

Technical Details

The issue stems from improper validation of user-supplied file paths in the Document Intelligence Studio On-Prem edition. An attacker on the network can exploit this by crafting specially formed paths to escape restricted directories and access sensitive files or execute unauthorized actions.

This vulnerability has been scored with a CVSS v3.1 base score of 9.8 (Critical) and is described by the following vector:

• Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope: Unchanged
• Impact: High for Confidentiality, Integrity, and Availability

SSVC Assessment

According to the CISA Stakeholder-Specific Vulnerability Categorization (SSVC):

• No exploitation has been observed yet
• The attack is automatable
• The technical impact is considered total

While not currently exploited, the vulnerability poses significant risk due to its ease of exploitation and potential for full system compromise.

Mitigation

Microsoft has addressed the issue in version 1.0.03019.1-official-7241c17a of Azure AI Document Intelligence Studio. Organizations using earlier versions should:

• Upgrade to the latest patched release immediately
• Restrict network access to the affected service
• Review audit logs for any signs of unusual file access or privilege elevation attempts

References

• Microsoft Security Advisory for CVE-2025-30387

This case underlines the importance of thorough input validation and timely patching, especially in on-prem environments that may be less frequently updated.