Platform
windows
Component
power-automate-for-desktop
Fixed version
2.52.62.25009
CVE-2025-21187 is a Remote Code Execution (RCE) vulnerability affecting Microsoft Power Automate for Desktop. This vulnerability allows an attacker to execute arbitrary code on a victim's system, potentially leading to complete system compromise. The vulnerability impacts versions 1.0.0.0 through 2.52.62.25009, and a fix is available in version 2.52.62.25009.
Successful exploitation of CVE-2025-21187 allows an attacker to execute arbitrary code within the context of the Power Automate for Desktop process. This could involve downloading and executing malicious payloads, installing malware, or gaining persistent access to the system. The attacker could potentially steal sensitive data, modify system configurations, or even pivot to other systems on the network. Given Power Automate for Desktop's automation capabilities, an attacker could leverage this vulnerability to automate malicious actions across multiple endpoints, significantly expanding the blast radius.
CVE-2025-21187 was publicly disclosed on January 14, 2025. Exploitation context and probability are currently assessed as medium, pending the release of public proof-of-concept exploits. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations heavily reliant on Power Automate for Desktop for unattended automation tasks are particularly at risk. This includes environments where automation flows interact with sensitive data or critical systems. Users with administrative privileges on systems running Power Automate for Desktop are also at higher risk, as they may be able to execute malicious code with elevated privileges.
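• windows / supply-chain:
# List Power Automate for Desktop processes that have a named module loaded
# ('malicious_module_name' is a placeholder; Get-Process takes the name without '.exe')
Get-Process -Name 'PowerAutomateDesktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Modules.ModuleName -match 'malicious_module_name' }
• windows / supply-chain:
# Review scheduled tasks that reference Power Automate
Get-ScheduledTask | Where-Object { $_.TaskName -like '*PowerAutomate*' } | Format-List TaskName, Actions
• windows / supply-chain:
# Pull Application log events from the Power Automate for Desktop provider
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-PowerAutomateDesktop']]]" | Format-List -Property TimeCreated, Message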
Exploit status
EPSS
0.46% (64th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-21187 is to upgrade to Power Automate for Desktop version 2.52.62.25009 or later. If upgrading immediately is not feasible, consider restricting network access to Power Automate for Desktop processes and carefully reviewing any unattended automation flows for suspicious activity. Implement application control policies to prevent the execution of unauthorized code. After upgrading, confirm the fix by attempting to trigger the vulnerable functionality and verifying that code execution is prevented.
Update Microsoft Power Automate for Desktop to version 2.52.62.25009 or later. This will resolve the remote code execution vulnerability.
CVE-2025-21187 is a Remote Code Execution vulnerability in Microsoft Power Automate for Desktop allowing attackers to execute arbitrary code. It has a HIGH severity rating and affects versions 1.0.0.0–2.52.62.25009.
You are affected if you are using Power Automate for Desktop versions 1.0.0.0 through 2.52.62.25009. Check your installed version and upgrade if necessary.
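One way to check the installed version on an endpoint, as an added example that is not from this page or from Microsoft: it compares each detected build with the fixed version stated above. The display-name pattern `Power Automate*` and the package-name wildcard `*PowerAutomate*` are assumptions about how the product registers itself; adjust them to match your installs.

```powershell
# Added example: flag Power Automate for Desktop installs older than the fixed build.
$FixedVersion = [version]'2.52.62.25009'   # fixed version as stated on this page

function Test-PadBuild {
    # Compare one detected install against $FixedVersion.
    param([string]$Source, [string]$Name, [string]$VersionText)
    $parsed = $null
    $ok = [version]::TryParse($VersionText, [ref]$parsed)
    $status = if (-not $ok) { 'UNKNOWN (unparseable version)' }
              elseif ($parsed -lt $FixedVersion) { 'UPGRADE REQUIRED' }
              else { 'OK' }
    [pscustomobject]@{
        Source  = $Source
        Name    = $Name
        Version = $VersionText
        Status  = $status
    }
}

# Installer-based copies register under the Uninstall keys (64-bit and 32-bit views).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$namePattern = 'Power Automate*'   # assumption: DisplayName prefix used by the installer

$results = @(
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $namePattern -and $_.DisplayVersion } |
        ForEach-Object { Test-PadBuild 'Installer' $_.DisplayName $_.DisplayVersion }

    # Store (MSIX) copies for the current user; the wildcard is an assumption.
    Get-AppxPackage -Name '*PowerAutomate*' -ErrorAction SilentlyContinue |
        ForEach-Object { Test-PadBuild 'Store' $_.Name ([string]$_.Version) }
)

if ($results.Count -eq 0) {
    Write-Output 'No Power Automate for Desktop installation found.'
} else {
    $results | Sort-Object Status -Descending | Format-Table -AutoSize
}
```

Store packages are listed for the current user only; checking other profiles requires an elevated session.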
Upgrade to Power Automate for Desktop version 2.52.62.25009 or later to remediate the vulnerability. Consider restricting network access and reviewing automation flows as interim measures.
Exploitation activity is currently being monitored, and the probability is assessed as medium. Stay informed about security advisories and threat intelligence updates.
Refer to the official Microsoft security advisory for CVE-2025-21187 on the Microsoft Security Response Center website.