Microsoft Power Apps 信息泄露漏洞

攻击者可以利用此 SSRF 漏洞向 Power Apps 发送伪造的 HTTP 请求，从而访问内部网络资源或外部服务。攻击者可能能够访问数据库、API 或其他敏感系统，并从中窃取数据。此外，攻击者还可以利用此漏洞执行其他恶意操作，例如扫描内部网络、发起拒绝服务攻击或篡改数据。由于 Power Apps 广泛应用于企业应用开发，因此该漏洞的潜在影响非常大，可能导致数据泄露、业务中断和声誉损失。

Organizations heavily reliant on Microsoft Power Apps for business processes, particularly those integrating with internal systems or APIs, are at significant risk. Environments with weak network segmentation or inadequate input validation are especially vulnerable. Any deployment of Power Apps prior to the fixed version is potentially exposed.

• windows / dotnet: Monitor Power Apps logs for outbound requests to unexpected internal or external IP addresses or domains. Use PowerShell to check for unusual network connections initiated by Power Apps processes.

Get-Process -Name "PowerAppsService" | ForEach-Object { Get-NetTCPConnection -OwningProcess $_.Id }

• generic web: Monitor web server access logs for requests originating from Power Apps that target internal resources. Examine response headers for signs of SSRF exploitation (e.g., unusual server names or IP addresses). • database (mysql, redis, mongodb, postgresql): While less direct, monitor database logs for unusual connection attempts or queries originating from Power Apps, which could indicate an attacker attempting to leverage SSRF to access database information.

1. 2025-05-08Disclosure

   disclosure

1. 已保留2025-05-08
2. 发布日期2025-05-08
3. 修改日期2026-02-13
4. EPSS 更新日期2026-03-23

虽然微软尚未提供具体的修复版本，但可以采取一些缓解措施来降低风险。首先，限制 Power Apps 对外部资源的访问权限，使用网络隔离和防火墙规则来阻止未经授权的访问。其次，实施严格的身份验证和授权机制，确保只有授权用户才能访问敏感数据和资源。第三，定期审查 Power Apps 的配置和代码，查找潜在的安全漏洞。最后，监控 Power Apps 的活动日志，及时发现和响应可疑行为。建议使用 Web 应用防火墙 (WAF) 来过滤恶意请求，并配置 Power Apps 的连接器以限制其访问范围。