CVE-2025-24986: Azure PromptFlow remote code execution related to Jinja templates
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
References
- github.com/advisories/GHSA-gprr-v9f2-px3c
- github.com/microsoft/promptflow
- github.com/microsoft/promptflow/commit/5f4a41ab4cb15607ade7f26138b0b863b4e4eb0a
- github.com/microsoft/promptflow/commit/625061724c51533d28fe6e0e3014b1042afdb07f
- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24986
- nvd.nist.gov/vuln/detail/CVE-2025-24986