Microsoft Power Automate Desktop Uncontrolled Search Path Element Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Power Automate for Desktop due to an uncontrolled search path element. This flaw allows an authorized attacker to disclose information over a network, potentially including NTLM hashes.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, specifically NTLM hash values.

Remediation

Users can apply the official security update available through the Microsoft Store to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.