Impact
Based on the description, it is inferred that the vulnerability arises when the library deserializes untrusted data, and that an attacker with authorized network access can craft a malicious payload that the library processes, leading to arbitrary code execution on the host where the library runs. This weakness is classified as CWE-502 (Deserialization of Untrusted Data), indicating that untrusted input is processed without adequate validation.
Affected Systems
Based on the vendor and product listing, it is inferred that all installations matching the generic package name azure_core_shared_client_library or the Python‑specific distribution azure_core_shared_client_library_for_python are potentially vulnerable. The Azure Core shared client library for Python, as identified under Microsoft’s product records, is affected. Specific affected revisions are not listed in the record, so users should verify the library version in use and consider upgrading.
Risk and Exploitability
Based on the description, it is inferred that exploitation requires an attacker who has authorized access to network traffic and can deliver a crafted payload to the library. The CVSS score of 7.5 marks this as a high‑severity issue, while the EPSS score of 1% indicates a modest likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires authorized network access and does not facilitate unauthenticated or remote code execution without some level of network connectivity to the target service.