Moderate severityNVD Advisory· Published Mar 11, 2025· Updated Feb 13, 2026
Azure Promptflow Remote Code Execution Vulnerability
CVE-2025-24986
Description
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
promptflow-toolsPyPI | < 1.6.0 | 1.6.0 |
promptflow-corePyPI | < 1.17.2 | 1.17.2 |
Affected products
4- ghsa-coords2 versions
< 1.17.2+ 1 more
- (no CPE)range: < 1.17.2
- (no CPE)range: < 1.6.0
1.0.0+ 1 more
- (no CPE)range: 1.0.0
- (no CPE)range: 1.0.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-gprr-v9f2-px3cghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24986ghsavendor-advisorypatchWEB
- nvd.nist.gov/vuln/detail/CVE-2025-24986ghsaADVISORY
- github.com/microsoft/promptflow/commit/5f4a41ab4cb15607ade7f26138b0b863b4e4eb0aghsaWEB
- github.com/microsoft/promptflow/commit/625061724c51533d28fe6e0e3014b1042afdb07fghsaWEB
News mentions
0No linked articles in our index yet.