Server-Side Request Forgery in Microsoft Dynamics 365 Sales by Microsoft
CVE-2025-21177

8.7HIGH

Key Information:

Vendor: Microsoft
Status: Dynamics 365 Sales
Vendor: CVE Published:; 6 February 2025

What is CVE-2025-21177?

The server-side request forgery (SSRF) vulnerability in Microsoft Dynamics 365 Sales allows authorized attackers to manipulate requests sent from the server. By exploiting this flaw, attackers can potentially elevate privileges and gain unauthorized access to network resources, posing significant risks to data integrity and security. Organizations using this software should ensure they are patched against this vulnerability to mitigate potential threats.

Affected Version(s)

Dynamics 365 Sales Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Dec 5, 2024