Severity
High
Analysis Summary
CVE-2025-47733 CVSS:9.1
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network.
CVE-2025-29827 CVSS:9.9
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
CVE-2025-47732 CVSS:8.7
Microsoft Dataverse Remote Code Execution Vulnerability
CVE-2025-33072 CVSS:8.1
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
CVE-2025-29813 CVSS:10
An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.
CVE-2025-29972 CVSS:9.9
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
Impact
- Gain Access
- Privilege Escalation
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-47733
CVE-2025-29827
CVE-2025-47732
CVE-2025-33072
CVE-2025-29813
CVE-2025-29972
Affected Vendors
- Microsoft
Affected Products
- Microsoft Azure Automation
- Microsoft Azure DevOps
- Microsoft Dataverse
- Microsoft Power Apps
- Microsoft msagsfeedback.azurewebsites.net
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches