CVE-2025-29817: CWE-427: Uncontrolled Search Path Element in Microsoft Power Automate for Desktop
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2025-29817 is a vulnerability classified under CWE-427 (Uncontrolled Search Path Element) found in Microsoft Power Automate for Desktop version 1.0.0.0. This vulnerability arises because the application improperly controls the directories it searches when loading resources or executables. An attacker with authorized access can manipulate the search path to cause the application to load malicious or unintended files, leading to unauthorized disclosure of sensitive information over a network. The vulnerability requires the attacker to have privileges on the system and involves user interaction, such as triggering a specific automated workflow. The CVSS v3.1 score is 5.7 (medium), reflecting the moderate impact on confidentiality without affecting integrity or availability. The attack vector is network-based with low complexity, but privileges and user interaction are required. No patches or known exploits are currently available, but the vulnerability has been publicly disclosed and assigned by Microsoft. The flaw could be exploited in environments where Power Automate workflows automate sensitive processes, potentially leaking confidential data if the search path is manipulated by an attacker.
Potential Impact
For European organizations, the primary impact is the potential unauthorized disclosure of sensitive information processed or stored by Power Automate workflows. This could include business-critical data, personally identifiable information (PII), or intellectual property. Since Power Automate is often used to automate enterprise processes, exploitation could undermine confidentiality and compliance with data protection regulations such as GDPR. Although integrity and availability are not directly affected, information leakage can lead to reputational damage, regulatory penalties, and increased risk of follow-on attacks. The requirement for authorized access and user interaction limits the attack scope but does not eliminate risk in environments with many privileged users or where social engineering is feasible. Organizations in sectors relying heavily on automation and Microsoft ecosystems, such as finance, healthcare, and government, may face elevated risks.
Mitigation Recommendations
1. Monitor for updates from Microsoft and apply patches immediately once released for Power Automate for Desktop.
2. Restrict and audit user privileges to minimize the number of users with the ability to exploit the vulnerability.
3. Implement strict environment and path controls, ensuring that search paths used by Power Automate workflows do not include untrusted or user-writable directories.
4. Use application whitelisting and endpoint protection solutions to detect and block unauthorized file executions or modifications in directories involved in the search path.
5. Educate users about the risks of social engineering and the importance of cautious interaction with automated workflows.
6. Conduct regular security assessments of automated workflows to identify and remediate insecure configurations or dependencies.
7. Employ network segmentation to limit the exposure of systems running Power Automate to untrusted networks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-03-11T22:56:43.942Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f91484d88663aebc4f
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 2/14/2026, 9:29:59 AM
Last updated: 3/26/2026, 7:05:49 AM
Views: 65