CVE-2025-29817

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-29817
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.

5.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29817 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-04-15 17:15

Updated : 2025-07-08 16:26

NVD link : CVE-2025-29817

Mitre link : CVE-2025-29817

CVE.ORG link : CVE-2025-29817

JSON object : View

Products Affected

microsoft

  • power_automate_for_desktop
CWE
CWE-427

Uncontrolled Search Path Element