CVE-2026-20960

Microsoft · Microsoft Power Apps

A high-severity vulnerability has been identified in Microsoft Power Apps, which could allow an attacker with existing access to the network to execute malicious code.

Executive summary

A high-severity vulnerability has been identified in Microsoft Power Apps, which could allow an attacker with existing access to the network to execute malicious code. This flaw, resulting from improper authorization checks, poses a significant risk of data compromise and disruption to business processes that rely on the Power Platform. Organizations are urged to apply the necessary security updates from Microsoft immediately to mitigate the threat of a system takeover.

Vulnerability

This vulnerability stems from an improper authorization flaw within the Microsoft Power Apps service. An attacker who has already authenticated to the environment can send a specially crafted request over the network to a vulnerable Power Apps endpoint. Because the service fails to correctly validate the attacker's permissions for the requested action, the request can lead to the execution of arbitrary code with the privileges of the Power Apps service account, which amounts to a full compromise of the application environment.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8. Successful exploitation could lead to a complete compromise of the affected Power Apps applications and their underlying data sources. The business impact includes the potential for exfiltration of sensitive corporate data, manipulation or destruction of critical business information, and disruption of automated workflows essential for operations. Furthermore, a compromised Power Apps instance could be used as a foothold to launch further attacks against other connected systems within the organization's network.

Remediation

Immediate Action: Apply the security updates released by Microsoft across all affected Power Platform environments without delay. Patching does not undo exploitation that may already have occurred, so after updating it is crucial to review application and network access logs for anomalous activity that predates the update and could indicate earlier exploitation attempts.

Proactive Monitoring: Security teams should actively monitor Power Platform and Azure audit logs for unusual API calls, unexpected modifications to Power Apps, or changes to data connectors, especially from low-privileged user accounts. Network monitoring should focus on identifying anomalous outbound traffic originating from the Power Platform infrastructure that could indicate data exfiltration.

Compensating Controls: If immediate patching is not feasible, organizations should implement compensating controls. This includes enforcing the principle of least privilege by rigorously reviewing and restricting user permissions within the Power Platform. Additionally, enhancing network segmentation to isolate Power Platform services and deploying a properly configured Web Application Firewall (WAF) may help detect or block exploit attempts.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 8) and the potential for remote code execution, this vulnerability presents a critical risk to the organization. Although this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its impact makes it an attractive target for attackers. We strongly recommend that all system administrators prioritize the immediate deployment of the vendor-supplied security updates to all Microsoft Power Apps environments. This action is the most effective way to prevent the potential compromise of sensitive data and critical business applications.