Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises)
CVE-2025-49745

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-49745?

An improper neutralization of input during web page generation in Microsoft Dynamics 365 (On-Premises) can potentially allow an unauthorized attacker to exploit cross-site scripting vulnerabilities. This could enable the attacker to perform spoofing attacks over a network, potentially compromising sensitive user data and system integrity.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 9.1.38.10

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Jun 9, 2025