Remote Code Execution Vulnerability in Microsoft Dataverse
CVE-2025-29807

8.7HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dataverse
Vendor: CVE Published:; 21 March 2025

What is CVE-2025-29807?

An identified vulnerability in Microsoft Dataverse allows an authorized attacker to execute arbitrary code on the server through the deserialization of untrusted data. This can enable the attacker to leverage network capabilities to compromise the integrity and availability of the application. Prompt updates are recommended to safeguard against potential exploitation.

Affected Version(s)

Microsoft Dataverse Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 21, 2025