June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Apple Products Vulnerabilities
April 28, 2025
Earth Kurma Targets Southeast Asia with Stealthy Espionage Campaign – Active IOCs
April 28, 2025
Multiple Apple Products Vulnerabilities
April 28, 2025
Earth Kurma Targets Southeast Asia with Stealthy Espionage Campaign – Active IOCs
April 28, 2025
Severity
Medium
Analysis Summary
CVE-2025-29817 CVSS:5.7
Microsoft Power Automate Desktop could allow a remote authenticated attacker to obtain sensitive information, cause by an uncontrolled search path element vulnerability. An attacker could exploit this vulnerability to disclose information over a network.
CVE-2025-32726 CVSS:6.8
Microsoft Visual Studio Code could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper access control vulnerability. An attacker could exploit this vulnerability to gain elevated privileges on the system.
Impact
- Information Disclosure
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-29817
CVE-2025-32726
Affected Vendors
- Microsoft
Affected Products
- Microsoft Power Automate for Desktop - 2.51.349.24355
- Microsoft Visual Studio Code - 1.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
