HIGH · CVE-2025-21187 · CVSS 7.8

Remote Code Execution Vulnerability in Microsoft Power Automate

Platform

windows

Component

power-automate-for-desktop

Fixed in

2.52.62.25009

AI confidence: high · NVD · EPSS 0.5% · Revised: May 2026

CVE-2025-21187 is a Remote Code Execution (RCE) vulnerability affecting Microsoft Power Automate for Desktop. This vulnerability allows an attacker to execute arbitrary code on a victim's system, potentially leading to complete system compromise. The vulnerability impacts versions 1.0.0.0 through 2.52.62.25009, and a fix is available in version 2.52.62.25009.

Impact and Attack Scenarios

Successful exploitation of CVE-2025-21187 allows an attacker to execute arbitrary code within the context of the Power Automate for Desktop process. This could involve downloading and executing malicious payloads, installing malware, or gaining persistent access to the system. The attacker could potentially steal sensitive data, modify system configurations, or even pivot to other systems on the network. Given Power Automate for Desktop's automation capabilities, an attacker could leverage this vulnerability to automate malicious actions across multiple endpoints, significantly expanding the blast radius.

Exploitation Context

CVE-2025-21187 was publicly disclosed on January 14, 2025. Exploitation context and probability are currently assessed as medium, pending the release of public proof-of-concept exploits. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.

Who Is at Risk

Organizations heavily reliant on Power Automate for Desktop for unattended automation tasks are particularly at risk. This includes environments where automation flows interact with sensitive data or critical systems. Users with administrative privileges on systems running Power Automate for Desktop are also at higher risk, as they may be able to execute malicious code with elevated privileges.

Detection Steps

• windows / supply-chain:

# Get-Process -Name expects the image name without the .exe extension.
# 'malicious_module_name' is a placeholder to replace with the module name under investigation.
Get-Process -Name 'PowerAutomateDesktop' -ErrorAction SilentlyContinue |
Where-Object { $_.Modules | Where-Object { $_.ModuleName -match 'malicious_module_name' } }

• windows / supply-chain:

# List scheduled tasks whose name references Power Automate, with the actions they run.
Get-ScheduledTask | Where-Object { $_.TaskName -like '*PowerAutomate*' } | Format-List TaskName, Actions

• windows / supply-chain:

# The XPath contains single quotes, so the filter string must be double-quoted.
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-PowerAutomateDesktop']]]" -ErrorAction SilentlyContinue |
Format-List -Property TimeCreated, Message

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: Low

EPSS

0.46% (percentile 64%)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

Threat intelligence · CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Base score: 7.8 HIGH

Attack Vector: Local (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (level of authentication required)
User Interaction: Required (whether a victim action is required)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service interruption)
Source: nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Local: the attacker needs a local session or a shell on the system.
Attack Complexity
Low: no special conditions are required; reliably exploitable.
Privileges Required
None: no authentication; no credentials are required to exploit.
User Interaction
Required: the victim must open a file, click a link or visit a page.
Scope
Unchanged: impact is limited to the vulnerable component.
Confidentiality
High: total loss of confidentiality; the attacker can read all data.
Integrity
High: the attacker can write, modify or delete all data.
Availability
High: complete outage or resource exhaustion; total denial of service.

Affected Software

Component: power-automate-for-desktop
Vendor: Microsoft
Affected range: 1.0.0.0 – 2.52.62.25009
Fixed in: 2.52.62.25009

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-21187 is to upgrade to Power Automate for Desktop version 2.52.62.25009 or later. If upgrading immediately is not feasible, consider restricting network access to Power Automate for Desktop processes and carefully reviewing any unattended automation flows for suspicious activity. Implement application control policies to prevent the execution of unauthorized code. After upgrading, confirm the fix by attempting to trigger the vulnerable functionality and verifying that code execution is prevented.

How to Fix

Update Microsoft Power Automate for Desktop to version 2.52.62.25009 or later. This resolves the remote code execution vulnerability.
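The advisory tells you to check the installed version and upgrade if it is below 2.52.62.25009. The following PowerShell script is an added example (not code from the advisory or from Microsoft) that reads the installed Power Automate for Desktop version from the Windows uninstall registry keys and compares it with the fixed build; the DisplayName match pattern '*Power Automate*' is an assumption, since the exact product name in the registry is not given on the page.

```powershell
# Added example: compare the installed Power Automate for Desktop version with the fixed build.
# Fixed version 2.52.62.25009 comes from the advisory; the DisplayName pattern is an assumption.
$FixedVersion = [version]'2.52.62.25009'

# Standard per-machine (64-bit and 32-bit) and per-user uninstall hives.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Power Automate*' -and $_.DisplayVersion }

if (-not $installs) {
    Write-Output 'Power Automate for Desktop was not found in the uninstall registry keys.'
    return
}

foreach ($app in $installs) {
    $installed = $null
    # DisplayVersion is a string; parse it so the comparison is numeric, not lexical.
    if (-not [version]::TryParse($app.DisplayVersion, [ref]$installed)) {
        Write-Warning "Cannot parse version '$($app.DisplayVersion)' for $($app.DisplayName)"
        continue
    }
    # Anything below the fixed build is treated as needing the upgrade.
    $status = if ($installed -lt $FixedVersion) { 'VULNERABLE - upgrade required' } else { 'patched' }
    [pscustomobject]@{
        DisplayName = $app.DisplayName
        Installed   = $installed.ToString()
        Fixed       = $FixedVersion.ToString()
        Status      = $status
    }
}
```

Run it in an elevated PowerShell session on each endpoint, or wrap it in Invoke-Command to sweep a fleet.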


Frequently Asked Questions

What is CVE-2025-21187 — RCE in Power Automate for Desktop?

CVE-2025-21187 is a Remote Code Execution vulnerability in Microsoft Power Automate for Desktop allowing attackers to execute arbitrary code. It has a HIGH severity rating and affects versions 1.0.0.0–2.52.62.25009.

Am I affected by CVE-2025-21187 in Power Automate for Desktop?

You are affected if you are using Power Automate for Desktop versions 1.0.0.0 through 2.52.62.25009. Check your installed version and upgrade if necessary.

How do I fix CVE-2025-21187 in Power Automate for Desktop?

Upgrade to Power Automate for Desktop version 2.52.62.25009 or later to remediate the vulnerability. Consider restricting network access and reviewing automation flows as interim measures.

Is CVE-2025-21187 being actively exploited?

Exploitation activity is currently being monitored, and the probability is assessed as medium. Stay informed about security advisories and threat intelligence updates.

Where can I find the official Microsoft advisory for CVE-2025-21187?

Refer to the official Microsoft security advisory for CVE-2025-21187 on the Microsoft Security Response Center website.
