Cyber Resilience

CVE-2024-35260

High

Published: 27 June 2024

Modified: 03 February 2025
KEV Added
Patch
CVSS Score v3.1: 8.0 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0686 (91.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-35260 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Microsoft Power Platform. Its CVSS base score is 8.0 (High).

Operationally, it is ranked in the top 8.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

An untrusted search path vulnerability tracked as CVE-2024-35260 affects Microsoft Dataverse. The flaw, assigned CWE-426, permits an attacker to influence executable search paths. It was disclosed on 27 June 2024 with a CVSS 3.1 base score of 8.0, reflecting a network attack vector, high attack complexity, high privileges required, no user interaction, and a changed scope with high impact on confidentiality, integrity, and availability.

An authenticated attacker with high privileges can exploit the issue remotely over a network to achieve arbitrary code execution. The attack requires the attacker to already possess valid credentials and to arrange malicious components in a location that the Dataverse process will load, resulting in full compromise of the affected service instance.

Microsoft has published official guidance and remediation details in its Security Response Center update guide for this vulnerability. The current and peak EPSS scores remain at 0.0686 with no material increase observed since disclosure.

Vulnerability details

An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: microsoft
Product: power platform
Versions: all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
