high

Burning Data with Malicious Firewall Rules in Azure SQL

Published Tue, Apr 15th, 2025
Platforms

Summary

Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.

Affected Services

Azure SQL Server

Remediation

None required. Microsoft has fully patched the vulnerability as of April 09, 2025.

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
Mon, Aug 5th, 2024
Exploitablity Period
Until 2025/04/09
Known ITW Exploitation
-
Detection Methods
Monitor for unusual firewall rule creation or modification in Azure SQL Servers, especially rules with suspicious names or IP ranges of 0.0.0.0.
Piercing Index Rating
-
Discovered by
Coby Abrams, Varonis Threat Labs

More vulnerabilities...

high

Path Traversal in AWS SSM Agent Plugin ID Validation

A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to ...

...
Elad Beber, Cymulate

medium

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run

An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private containe...

...
Liv Matan, Tenable

critical

CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret

A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code in repositories using CodeQL, potentially leading to source code exfiltration, secrets c...

...
John Stawinski, Praetorian

View all