Analysis Summary

CVE-2025-47733 CVSS:9.1

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network.

CVE-2025-29827 CVSS:9.9

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

CVE-2025-47732 CVSS:8.7

Microsoft Dataverse Remote Code Execution Vulnerability

CVE-2025-33072 CVSS:8.1

Improper access control in Azure allows an unauthorized attacker to disclose information over a network.

CVE-2025-29813 CVSS:10

An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.

CVE-2025-29972 CVSS:9.9

Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

Impact

• Gain Access
• Privilege Escalation
• Code Execution
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2025-47733

• CVE-2025-29827

• CVE-2025-47732

• CVE-2025-33072

• CVE-2025-29813

• CVE-2025-29972

Affected Vendors

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches

CVE-2025-47733

CVE-2025-29827

CVE-2025-47732

CVE-2025-33072

CVE-2025-29813

CVE-2025-29972