Information Disclosure in Microsoft Dynamics Business Central
CVE-2025-29821
5.5MEDIUM
Key Information:
Summary
Improper input validation in Microsoft Dynamics Business Central enables authorized attackers to disclose sensitive information locally. This vulnerability arises when the system fails to adequately validate user inputs, potentially exposing confidential data to unintended users. Organizations using affected versions must apply the appropriate security updates to mitigate the risk.
Affected Version(s)
Microsoft Dynamics 365 Business Central 2023 Wave 2 Unknown 23.0 < 23.18.32409
Microsoft Dynamics 365 Business Central 2024 Wave 1 2024 Unknown 24.0 < 24.12.32447.0
Microsoft Dynamics 365 Business Central 2024 Wave 2 Unknown 25.0 < 25.6.32556
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved