Information Disclosure Vulnerability in Microsoft Power Automate
CVE-2025-29817

5.7MEDIUM

Key Information:

Vendor: Microsoft
Status: Power Automate For Desktop
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-29817?

An information disclosure vulnerability exists in Microsoft Power Automate that allows an authorized user to disclose sensitive information over a network due to an uncontrolled search path element. This vulnerability may expose configuration details and other private information, putting user data at risk. Users are urged to implement security measures to mitigate potential threats.

Affected Version(s)

Power Automate for Desktop Unknown 1.0.0.0 < 2.51.349.24355

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 11, 2025