CVE-2025-24986

Summary

Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftAzure promptflow-core1.0.0 < 1.17.2affected
MicrosoftAzure promptflow-tools1.0.0 < 1.6.0affected

Weaknesses

  • CWE-653: CWE-653: Improper Isolation or Compartmentalization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References