Microsoft Azure Ai Bot Service — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Azure Ai Bot Service, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-30392 — CVSS 9.8 (critical): Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-30389 — CVSS 8.7 (high): Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32174 — CVSS 7.7 (high): Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.