Microsoft Azure Functions — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Azure Functions, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-49052 — CVSS 8.2 (high): Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a…
CVE-2024-38204 — CVSS 7.5 (high): Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
CVE-2025-33074 — CVSS 7.5 (high): Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
CVE-2020-16904 — CVSS 5.3 (medium): <p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who…