Seattle, February 4, 2025 – A critical Microsoft SharePoint Connector flaw in the Power Platform put millions of credentials at risk. Hackers could have exploited it to steal user tokens, escalate access, and infiltrate corporate networks.
In a shocking revelation, cybersecurity researchers have uncovered a high-risk vulnerability in Microsoft’s Power Platform SharePoint Connector, potentially exposing sensitive corporate credentials.
The flaw, classified as a Server-Side Request Forgery (SSRF) vulnerability, could have allowed hackers to impersonate users, steal SharePoint access tokens, and compromise entire organizations.
Dmitry Lozovoy, Senior Security Researcher at Zenity Labs, said:
“This flaw gave attackers a direct pathway to infiltrate critical Power Platform services like Power Apps, Copilot 365, and Power Automate. It widened the attack surface dramatically.”
The vulnerability, which persisted until December 13, 2024, was first reported to Microsoft in September 2024. During this window, organizations relying on Microsoft’s low-code development tools were exposed to severe security risks.
Cybercriminals could have leveraged the flaw to access SharePoint APIs, extract confidential data, and even embed malicious applications into Microsoft Teams. A cybersecurity expert at Binary Security warned:
“This is yet another wake-up call for enterprises. The interconnected nature of Microsoft’s ecosystem means a single exploit can wreak havoc on multiple services.”