CVE-2026-25925

Published February 9th, 2026

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0.

modery/PowerDocu

Generate technical documentation from your existing Power Platform solutions, including Flows, apps, agents, Dataverse tables, and more

GitHub

623