Server-Side Request Forgery in Microsoft Power Apps
CVE-2025-47733

9.1CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Power Apps
Vendor: CVE Published:; 8 May 2025

What is CVE-2025-47733?

A vulnerability in Microsoft Power Apps allows an attacker to exploit Server-Side Request Forgery (SSRF) to gain unauthorized access to sensitive information over a network. This could potentially lead to data leaks and compromise user privacy. Users of Power Apps should remain vigilant and apply security updates to mitigate the risk associated with this vulnerability. For detailed information, you can refer to the Microsoft advisory linked.

Affected Version(s)

Microsoft Power Apps Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
May 8, 2025