What is CVE-2025-47733 — Information Disclosure in Microsoft Power Apps?

CVE-2025-47733 is a critical SSRF vulnerability in Microsoft Power Apps that allows unauthorized attackers to disclose information over a network by manipulating application requests.

Am I affected by CVE-2025-47733 in Microsoft Power Apps?

You are affected if you are using Microsoft Power Apps versions prior to the fixed version. Check your version and upgrade immediately.

How do I fix CVE-2025-47733 in Microsoft Power Apps?

Upgrade Microsoft Power Apps to the fixed version. Implement network segmentation and strict input validation as interim measures.

Is CVE-2025-47733 being actively exploited?

While no public exploits are currently available, the vulnerability's nature suggests a high likelihood of exploitation. Monitor your environment closely.

Where can I find the official Microsoft advisory for CVE-2025-47733?

Refer to the official Microsoft Security Update Guide for CVE-2025-47733 for detailed information and the fixed version.

CVE-2025-47733 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2025-47733 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• windows / dotnet: Monitor Power Apps logs for outbound requests to unexpected internal or external IP addresses or domains. Use PowerShell to check for unusual network connections initiated by Power Apps processes.

Get-Process -Name "PowerAppsService" | ForEach-Object { Get-NetTCPConnection -OwningProcess $_.Id }

• generic web: Monitor web server access logs for requests originating from Power Apps that target internal resources. Examine response headers for signs of SSRF exploitation (e.g., unusual server names or IP addresses). • database (mysql, redis, mongodb, postgresql): While less direct, monitor database logs for unusual connection attempts or queries originating from Power Apps, which could indicate an attacker attempting to leverage SSRF to access database information.

Microsoft Power Apps Informatie Openbaarmaking Vulnerabiliteit

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpen

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2025-47733 — Information Disclosure in Microsoft Power Apps?

Am I affected by CVE-2025-47733 in Microsoft Power Apps?

How do I fix CVE-2025-47733 in Microsoft Power Apps?

Is CVE-2025-47733 being actively exploited?

Where can I find the official Microsoft advisory for CVE-2025-47733?

Is jouw project getroffen?

Detecteer deze CVE in je project