CVE-2023-32052
Published: 11 July 2023
Summary
CVE-2023-32052 is a medium-severity vulnerability in Microsoft Power Apps, classified as CWE-918 (Server-Side Request Forgery) and described by Microsoft as a spoofing vulnerability. Its CVSS base score is 5.4 (Medium).
By exploit likelihood it ranks in the top 32.0% of CVEs; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Power Apps (online) contains a spoofing vulnerability tracked as CVE-2023-32052 and assigned CWE-918 (Server-Side Request Forgery). The flaw received a CVSS 3.1 base score of 5.4, reflecting a network attack vector, low attack complexity and low privileges required, with partial impact on confidentiality and integrity but no impact on availability.
An authenticated user with low privileges can send crafted requests that cause the Power Apps service to perform unauthorized actions on the attacker's behalf, enabling limited spoofing of requests or data. No user interaction is needed, and the attack can be launched remotely over the network.
The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32052 provides the authoritative guidance on available updates or configuration changes. Exploitation probability remained low after the July 2023 disclosure, then rose materially to a peak of 0.0741 in January 2025 before receding to the current value of 0.0054, indicating a period of increased interest well after public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36339
Vulnerability details
Microsoft Power Apps (online) Spoofing Vulnerability
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing that attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
- Monitoring and restriction of outbound connections to external resources at the network boundary, reducing the impact of SSRF.
- Validation of server-side URLs and resource references to block SSRF attempts.
- Detection of server-side request forgery through monitoring of unexpected outbound connections.
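As an added illustration of the last three controls (outbound restriction, URL validation and egress monitoring), the following Python is not Microsoft code and says nothing about how Power Apps is implemented: it is a generic CWE-918 defence for any service that fetches user-supplied URLs. The allowlist `ALLOWED_HOSTS`, the injectable `resolver` hook, the sample DNS answers and the `key=value` connection-log format are all constructed assumptions.

```python
"""Outbound-destination checks for a service that fetches user-supplied URLs.

Added example for CWE-918 mitigation (not Microsoft code). The service validates
a destination before fetching it and flags unexpected egress in its connection
log. ALLOWED_HOSTS, the resolver hook and the log format are constructed.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}          # None = scheme default port
# Constructed sample allowlist of external hosts the service may call.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.net"}


def host_allowed(host, allowed_hosts=ALLOWED_HOSTS):
    """Exact match or subdomain of an allowlisted name (case-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def is_internal_address(addr):
    """True for loopback, RFC 1918, link-local (which covers the 169.254.169.254
    cloud metadata address), multicast, reserved and unspecified addresses.
    IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped before classification."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_all(host):
    """Default resolver: every address DNS returns for host (needs network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=resolve_all):
    """Return (ok, reason); ok is True only when every check passes."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not permitted"
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    if parsed.username is not None or parsed.password is not None:
        return False, "credentials in URL are not permitted"
    try:
        if parsed.port not in ALLOWED_PORTS:
            return False, f"port {parsed.port} not permitted"
    except ValueError:
        return False, "malformed port"
    try:
        ipaddress.ip_address(host)
        return False, "literal IP addresses are not permitted"
    except ValueError:
        pass  # not a literal address, so treat it as a hostname
    if not host_allowed(host, allowed_hosts):
        return False, f"host {host!r} is not allowlisted"
    # An allowlisted name can still point inside the network (misconfigured
    # DNS, rebinding): reject if any resolved address is internal. A real
    # client must also connect to the exact address it checked here.
    for addr in resolver(host):
        if is_internal_address(addr):
            return False, f"host {host!r} resolves to internal address {addr}"
    return True, "ok"


def flag_unexpected_egress(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Return the log lines whose destination is not allowlisted or is internal.
    Expects constructed 'key=value' lines carrying dst_host and dst_ip fields."""
    flagged = []
    for line in log_lines:
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        dst_host, dst_ip = fields.get("dst_host", ""), fields.get("dst_ip", "")
        if not host_allowed(dst_host, allowed_hosts) or (dst_ip and is_internal_address(dst_ip)):
            flagged.append(line)
    return flagged


# Constructed sample connection log: one expected call, two that should be flagged.
SAMPLE_LOG = [
    "2023-07-11T09:00:00Z svc=web-fetcher dst_host=api.example.com dst_ip=93.184.216.34 status=200",
    "2023-07-11T09:00:01Z svc=web-fetcher dst_host=cdn.example.net dst_ip=10.0.0.5 status=200",
    "2023-07-11T09:00:02Z svc=web-fetcher dst_host=169.254.169.254 dst_ip=169.254.169.254 status=200",
]

if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    fake_dns = {"api.example.com": ["93.184.216.34"], "cdn.example.net": ["10.0.0.5"]}
    offline = lambda h: fake_dns.get(h, [])
    for u in ("https://api.example.com/v1/data", "https://cdn.example.net/x",
              "http://169.254.169.254/latest/meta-data", "file:///etc/passwd"):
        print(u, "->", check_outbound_url(u, resolver=offline))
    for line in flag_unexpected_egress(SAMPLE_LOG):
        print("FLAGGED:", line)
```

The validator rejects literal IP addresses outright and then checks both the name and every address it resolves to, because a name on the allowlist is only as trustworthy as the DNS answer behind it; the egress check applies the same two tests to observed connections, which is how the "unexpected outbound connection" control surfaces a fetch that slipped past validation.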