Home » Database

AVID-2026-R0044

Description

Azure Promptflow Remote Code Execution Vulnerability (CVE-2025-24986)

Details

Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.

References

Affected or Relevant Artifacts

  • Developer: Microsoft
  • Deployer: Microsoft
  • Artifact Details:
TypeName
SystemAzure promptflow-core
SystemAzure promptflow-tools

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
Base Score6.5
Base Severity🟠 Medium

CWE

IDDescription
CWE-653CWE-653: Improper Isolation or Compartmentalization

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2025-03-11
  • Version: 0.3.1
  • AVID Entry