CVE-2025-47733 CRITICAL

CVE-2025-47733: Microsoft Power Apps Information Disclosure Vulnerability

Vendor Microsoft
Product Microsoft Power Pages
Weakness CWE-918 · SSRF
Published May 8, 2025
Last update February 13, 2026
View on NVD All CVEs

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network

Key dates

02Disclosure timeline

May 8, 2025 CVE published
February 13, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-58829 WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.3.3 - Server Side Request Forgery (SSRF) vulnerability CVE-2026-3286 itwanger paicoding Image Save Endpoint ImageRestController.java save server-side request forgery CVE-2026-33992 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration CVE-2025-21177 Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability CVE-2023-1046 MuYuCMS getFile.html server-side request forgery