{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64675", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-11-06T23:40:37.277Z", "datePublished": "2025-12-18T23:15:31.241Z", "dateUpdated": "2026-04-16T14:19:06.437Z"}, "containers": {"cna": {"title": "Azure Cosmos DB Spoofing Vulnerability", "datePublic": "2025-12-18T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:cosmos_db:*:*:*:*:*:*:*:*", "versionStartIncluding": "-"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Cosmos DB", "versions": [{"version": "-", "status": "affected"}]}], "descriptions": [{"value": "Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en-US", "type": "CWE", "cweId": "CWE-79"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:19:06.437Z"}, "references": [{"name": "Azure Cosmos DB Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64675"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C"}}], "tags": ["exclusively-hosted-service"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-19T15:12:30.761616Z", "id": "CVE-2025-64675", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-19T15:12:40.161Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64675", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-19T15:12:30.761616Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-19T15:12:36.368Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "title": "Azure Cosmos DB Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Cosmos DB", "versions": [{"status": "affected", "version": "-"}]}], "datePublic": "2025-12-18T08:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64675", "name": "Azure Cosmos DB Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:cosmos_db:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "-"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-02-20T15:59:42.938Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64675", "state": "PUBLISHED", "dateUpdated": "2026-02-20T15:59:42.938Z", "dateReserved": "2025-11-06T23:40:37.277Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-12-18T23:15:31.241Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_cosmos_db:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E7E9C60-1563-425D-AAE9-787A67AF6954", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "secure@microsoft.com", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network."}], "id": "CVE-2025-64675", "lastModified": "2026-01-16T17:25:03.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-12-19T00:15:52.933", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64675"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T15:36:54.263709+00:00", "value": {"mitigation_remediation": ["Check for and install the latest Microsoft patch for Azure Cosmos DB as soon as it becomes available.", "Apply strict input validation and output encoding to any data that may be displayed on web pages, following XSS mitigation guidelines associated with CWE\u201179.", "Deploy a web application firewall or Azure Front Door rule set to detect and block suspicious script payloads and monitor HTTP traffic for signs of injection attempts."], "summary": {"action": "Apply patch", "impact": "Cross\u2011Site Scripting leading to user spoofing"}, "threat_synthesis": {"affected_systems": "The affected product is Microsoft Azure Cosmos DB. No specific affected version ranges are listed in the advisory; administrators should verify that their deployment is running a version that has received the latest security update from Microsoft.", "description_and_impact": "Azure Cosmos DB contains an improper neutralization of input during web page generation. This cross\u2011site scripting flaw allows an attacker to inject malicious scripts that are rendered in a web page context and executed by browsers of legitimate users, enabling the attacker to forge UI elements or impersonate other users. The vulnerability is identified as CWE\u201179 and primarily threatens the integrity and trust of user interfaces rather than directly compromising data confidentiality or availability.", "risk_and_exploitability": "The CVSS score of 8.3 classifies this as a high\u2011severity vulnerability. The EPSS score of less than 1% suggests a very low likelihood of widespread exploitation, and the vulnerability is not currently listed in the CISA KEV catalog. An attacker would need to send specially crafted input to Azure Cosmos DB that is subsequently reflected in a web page viewed by a user. Once the malicious script runs, the attacker can perform spoofing actions such as framing or deceiving users. Because the exploitation path requires network access to the database service, it is not trivially deployable but remains a serious risk for exposed instances."}}}}, "created": "2026-04-20T15:45:10.379140+00:00", "updated": "2026-04-20T15:45:10.379162+00:00", "vendors": []}