Information Disclosure Vulnerability in Microsoft Dynamics 365 by Microsoft
CVE-2025-53728

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-53728?

An information disclosure vulnerability in Microsoft Dynamics 365 (On-Premises) could allow unauthorized users to access sensitive data over a network. This exposure enables attackers to intercept confidential information, leading to potential data breaches. Organizations using this product must implement necessary security measures to mitigate risks associated with unauthorized access.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 9.1.39

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Jul 9, 2025