MSRC compact vulnerability detail

CVE-2025-30387 · Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.

Severity: Important
Impact: Elevation of Privilege
CVSS: 9.8 base · 8.5 temporal
Release: 2025-05-13
Signals: Azure · Elevation of Privilege · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation Unlikely
CWE
FAQ / Articles
FAQ
What actions does a valid user have to take to be protected against this vulnerability?
Update the image to the latest tag. User data and settings will not be affected by upgrading to the latest tag.
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by bypassing authentication/authorization to access files located one directory above the intended file upload path.
DI Studio Elevation of Privilege Vulnerability
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could potentially download the contents of the parent folder of the mounted path.