CVE-2025-21187

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
14/01/2025
Last modified:
05/02/2025

Description

Microsoft Power Automate Remote Code Execution Vulnerability

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:* 2.46 (including) 2.46.184.25013 (excluding)
cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:* 2.47 (including) 2.47.126.25010 (excluding)
cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:* 2.48 (including) 2.48.164.25010 (excluding)
cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:* 2.49 (including) 2.49.182.25010 (excluding)
cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:* 2.50 (including) 2.50.139.25010 (excluding)
cpe:2.3:a:microsoft:power_automate_for_desktop:*:*:*:*:*:*:*:* 2.51 (including) 2.51.349.24355 (excluding)


References to Advisories, Solutions, and Tools