Microsoft
CVE-2025-24986
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 pypi packages depend on promptflow-core (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 1.17.2.
DescriptionCVE.org
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
AnalysisAI
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. [CVSS 6.5 MEDIUM]
Technical ContextAI
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
Affected ProductsAI
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-653 – Improper Isolation or Compartmentalization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-gprr-v9f2-px3c