What the vulnerability does
01Description
Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network.
CVE-2025-29972
CRITICAL
CVE-2025-29972: Azure Storage Resource Provider Spoofing Vulnerability
CVSS base score
9.9/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Key dates
02Disclosure timeline
May 8, 2025
CVE published
February 26, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-5736 SSRF in AdmirorFrames Joomla! Extension
CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature
CVE-2026-35527 Incus blind SSRF via image import preflight HEAD request
CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt
CVE-2022-1285 Server-Side Request Forgery (SSRF) in gogs/gogs
