Advisory

Azure SQL server vulnerability allowed creation of malicious destructive Firewall rules

Take action: You can't do much about this flaw yourself; it has been fixed by Microsoft. But take it into account in your evaluation of the vendor.


Learn More

Varonis Threat Labs has disclosed a significant security vulnerability in Azure SQL Server that could have caused data loss across Azure environments. The vulnerability, identified as "Destructive Stored URL Parameter Injection," allowed attackers to create malicious firewall rules that, when deleted through normal administrative actions, could trigger the deletion of arbitrary Azure resources.

Microsoft has now fully patched this vulnerability following a two-stage remediation process. The company issued a partial patch on August 30, 2024, and completed the fix with a full patch on April 9, 2025.

Azure SQL Server, the cloud database service, can have firewall rules configured for it to control access to the server and the data within it. There are two layers of firewall rules: database-level rules and server-level rules. All rules can be edited from the server itself using T-SQL statements that call the stored procedures sp_set_firewall_rule and sp_set_database_firewall_rule.

The flaw lay in how Azure SQL Server handles firewall rule naming when rules are created with T-SQL. Researchers discovered that server-level firewall rules created via the sp_set_firewall_rule stored procedure had no character restrictions on the rule name and lacked proper sanitization of that field.

Attack Methods

The flaw allowed attackers to inject path traversal sequences into rule names.

When an administrator attempted to delete a maliciously named rule through the Azure Portal, the deletion request would include the rule name in the URL. If the rule name contained directory traversal sequences (such as "../"), the DELETE request would target parent resources instead of just the firewall rule itself.

For example, a rule named "../" would result in a DELETE request to the parent SQL Server resource, causing the entire server to be deleted rather than just the individual rule.

The researchers also discovered a method to conceal these malicious rules from administrators. By setting both the start and end IP addresses of the malicious rule to '0.0.0.0', the rule would appear in the Azure Portal as the "Allow Azure services to access this server" option. When an administrator unchecked this box (a common security practice), they would unwittingly trigger the hidden attack.

Attackers could create rules targeting resources well beyond the SQL Server itself. By using multiple directory traversal sequences, attackers could target any resource in the Azure tenant:

../../../../../../../<theResourceURL>?api-version=<relevant_version>#
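To make the mechanism concrete from the defender's side, the following Python example is added here; it is not Varonis's or Microsoft's code. It shows three things: how a client that splices a raw rule name into the management URL resolves a traversal name to the parent server (the naive form), the hardened form that rejects unsafe names and percent-encodes the single path segment, and an audit over constructed rows in the shape of Azure SQL's sys.firewall_rules view that flags traversal names (including percent-encoded ones) and 0.0.0.0-to-0.0.0.0 rules hiding under a name other than the built-in one. The allowlist regex, the built-in rule name AllowAllWindowsAzureIps, the placeholder resource IDs and all sample rows are assumptions constructed for the example.

```python
import re
from urllib.parse import quote, unquote, urljoin

# Constructed sample rows shaped like sys.firewall_rules (name, start_ip_address,
# end_ip_address). Made-up values for illustration only, not output from a real server.
SAMPLE_RULES = [
    {"name": "office-vpn", "start_ip_address": "203.0.113.10", "end_ip_address": "203.0.113.10"},
    {"name": "AllowAllWindowsAzureIps", "start_ip_address": "0.0.0.0", "end_ip_address": "0.0.0.0"},
    # Traversal name carrying the 0.0.0.0 range that the portal renders as the
    # "Allow Azure services" checkbox (the concealment described above).
    {"name": "../", "start_ip_address": "0.0.0.0", "end_ip_address": "0.0.0.0"},
    # Multi-level traversal aimed at another resource (placeholder IDs).
    {"name": "../../../../../../../subscriptions/sub-placeholder/resourceGroups/rg-placeholder"
             "/providers/Microsoft.Storage/storageAccounts/acct-placeholder?api-version=version-placeholder#",
     "start_ip_address": "10.0.0.1", "end_ip_address": "10.0.0.1"},
    # Percent-encoded traversal that only appears after URL decoding.
    {"name": "%2e%2e%2fagent", "start_ip_address": "10.0.0.2", "end_ip_address": "10.0.0.2"},
]

# Assumed conservative allowlist for rule names (not Azure's documented rule):
# letters, digits, underscore, hyphen, period; 1 to 128 characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,128}$")
# Assumed resource name of the built-in "Allow Azure services" rule.
AZURE_SERVICES_RULE = "AllowAllWindowsAzureIps"

# Assumed ARM resource path of the SQL server, with placeholder IDs.
SERVER_URL = ("https://management.azure.com/subscriptions/sub-placeholder/resourceGroups/"
              "rg-placeholder/providers/Microsoft.Sql/servers/server-placeholder")


def name_findings(name):
    """Return the reasons a rule name is unsafe to place in a URL path segment."""
    findings = []
    decoded = unquote(name)  # catch %2e%2e%2f-style encodings as well
    if ".." in decoded.replace("\\", "/").split("/"):
        findings.append("path traversal segment")
    if any(c in decoded for c in "/\\?#"):
        findings.append("URL delimiter character")
    if not SAFE_NAME.match(name):
        findings.append("outside allowlist")
    return findings


def is_safe_rule_name(name):
    return not name_findings(name)


def naive_delete_target(server_url, name):
    """Vulnerable form: the raw name is appended and the URL is resolved as a client would."""
    return urljoin(server_url + "/firewallRules/", name)


def safe_delete_target(server_url, name):
    """Hardened form: reject unsafe names, then percent-encode the single path segment."""
    problems = name_findings(name)
    if problems:
        raise ValueError(f"refusing rule name {name!r}: {', '.join(problems)}")
    return server_url + "/firewallRules/" + quote(name, safe="")


def audit_firewall_rules(rules):
    """Flag rules with unsafe names, or a 0.0.0.0 range filed under an unexpected name."""
    report = []
    for rule in rules:
        reasons = name_findings(rule["name"])
        zero_range = rule["start_ip_address"] == "0.0.0.0" == rule["end_ip_address"]
        if zero_range and rule["name"] != AZURE_SERVICES_RULE:
            reasons.append("0.0.0.0 range masquerading as Allow Azure services")
        if reasons:
            report.append({"name": rule["name"], "reasons": reasons})
    return report


if __name__ == "__main__":
    for finding in audit_firewall_rules(SAMPLE_RULES):
        print(finding["name"][:40], "->", "; ".join(finding["reasons"]))
```

In a real environment the rows would come from SELECT name, start_ip_address, end_ip_address FROM sys.firewall_rules on the master database; the validation is the primary control and the percent-encoding is defence in depth, since an encoded segment that still decodes to ".." would otherwise survive to the server side.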

To exploit this vulnerability, an attacker would need:

  • Privileged access to an Azure SQL Server (either as the server-level principal login or an Entra ID principal assigned as a server admin)
  • A victim with sufficient permissions to delete the targeted resources who would interact with the firewall rules

Attack scenarios could include:

  1. An attacker gaining initial access to SQL Server credentials
  2. Creating malicious firewall rules targeting critical resources
  3. Potentially creating additional rules to encourage administrator interaction
  4. Possibly launching phishing campaigns targeting IT professionals to manipulate them into disabling the "Allow Azure services" feature

While Azure SQL resources can often be recovered within certain timeframes, the vulnerability wasn't limited to SQL resources, potentially allowing widespread data destruction across an Azure tenant.

The vulnerability was disclosed to Microsoft on August 5, 2024, with the final patch released on April 9, 2025. According to Varonis, no action is required from current Azure customers as the vulnerability has been fully resolved.
