Information Disclosure Vulnerability in Microsoft Dynamics 365 by Microsoft
CVE-2025-62206

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-62206?

A vulnerability in Microsoft Dynamics 365 (on-premises) can lead to the exposure of sensitive information to unauthorized actors, enabling them to disclose confidential data over a network. This exposure may occur without requiring user interaction, potentially impacting the privacy and security of the affected systems. Organizations utilizing this product should take immediate action to understand the risks associated with this vulnerability and implement necessary security measures.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 9.1.41.07

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Oct 8, 2025

JSON