4 matches found
CVE-2025-29817
CVE-2025-29817 affects Microsoft Power Automate Desktop. The issue is an uncontrolled search path element in Power Automate that an authorized attacker can exploit to disclose information over a network, with Confidentiality impact HIGH per CVSS. The Connected sources (Microsoft MSRC entry and co...
CVE-2025-21187
CVE-2025-21187 corresponds to a Microsoft Power Automate Remote Code Execution vulnerability. Connected sources indicate exploitation requires a user to open a rogue file, enabling code execution in the caller’s context. A fix has been released and Microsoft states the vulnerability was addressed...
CVE-2025-47966
CVE-2025-47966 affects Microsoft Power Automate. The vulnerability is described as an exposure of sensitive information to an unauthenticated actor that could elevate privileges over a network. The issue is rated CVSSv3.1 base score 9.8 (critical), with attack vector: NETWORK, attack complexity: ...
CVE-2026-40374
CVE-2026-40374 concerns Exposure of sensitive information to an unauthorized actor in Power Automate Desktop. The connected documents indicate an information disclosure vulnerability affecting Power Automate Desktop, with a CVSS v3.1 base score of 6.5 (NETWORK, LOW attack complexity, PRIVILEGES R...