ByteOS Network

NVD Vulnerability Details :

CVE-2025-21187

Analyzed

Source-secure@microsoft.com

Published At-14 Jan, 2025 | 18:15

Updated At-05 Feb, 2025 | 19:14

Microsoft Power Automate Remote Code Execution Vulnerability

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

>>power_automate_for_desktop>>Versions from 2.46(inclusive) to 2.46.184.25013(exclusive)

>>power_automate_for_desktop>>Versions from 2.47(inclusive) to 2.47.126.25010(exclusive)

>>power_automate_for_desktop>>Versions from 2.48(inclusive) to 2.48.164.25010(exclusive)

>>power_automate_for_desktop>>Versions from 2.49(inclusive) to 2.49.182.25010(exclusive)

>>power_automate_for_desktop>>Versions from 2.50(inclusive) to 2.50.139.25010(exclusive)

>>power_automate_for_desktop>>Versions from 2.51(inclusive) to 2.51.349.24355(exclusive)

CWE ID	Type	Source
CWE-94	Secondary	secure@microsoft.com
NVD-CWE-noinfo	Primary	nvd@nist.gov

Hyperlink	Source	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21187	secure@microsoft.com	Vendor Advisory