Multiple Microsoft Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-29817 CVSS:5.7

Microsoft Power Automate Desktop could allow a remote authenticated attacker to obtain sensitive information, cause by an uncontrolled search path element vulnerability. An attacker could exploit this vulnerability to disclose information over a network.

CVE-2025-32726 CVSS:6.8

Microsoft Visual Studio Code could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper access control vulnerability. An attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

Information Disclosure
Privilege Escalation

Indicators of Compromise

CVE

CVE-2025-29817
CVE-2025-32726

Affected Vendors

Microsoft

Affected Products

Microsoft Power Automate for Desktop - 2.51.349.24355
Microsoft Visual Studio Code - 1.0.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-29817

CVE-2025-32726

Multiple Apple Products Vulnerabilities

Earth Kurma Targets Southeast Asia with Stealthy Espionage Campaign – Active IOCs

Multiple Microsoft Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan