CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.
Analysis
CVE-2025-49715 is a private personal information disclosure vulnerability in Microsoft Dynamics 365 FastTrack Implementation Assets that allows unauthenticated network-based attackers to access sensitive user data without any user interaction. The vulnerability has a CVSS score of 7.5 (High) with confirmed high confidentiality impact, and affects organizations using Dynamics 365 FastTrack resources. Given the network-accessible nature and lack of authentication requirements, this poses significant risk to enterprise customer data security.
Technical Context
This vulnerability exists in Dynamics 365 FastTrack Implementation Assets, which are cloud-based resources supporting enterprise Microsoft Dynamics 365 deployments. The underlying issue is classified as CWE-359 (Privacy Violation), indicating improper access control over personally identifiable information (PII). The vulnerability stems from inadequate authorization checks that fail to prevent unauthorized disclosure of private data over network channels. FastTrack assets typically include implementation guides, templates, and configuration resources that may inadvertently contain or provide pathways to customer PII stored within linked Dynamics 365 environments. The attack vector is Network (AV:N) with Low Attack Complexity (AC:L), meaning no special network proximity is required and exploitation does not depend on target configuration nuances.
Affected Products
Microsoft Dynamics 365 FastTrack Implementation Assets (specific affected versions are not provided in the available data). Likely CPE pattern: cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:*:*:*:* with FastTrack implementation resource scope. Organizations using Dynamics 365 with FastTrack engagement programs are affected, particularly those who have uploaded or stored customer data within FastTrack resource repositories. The vulnerability affects all users of impacted FastTrack assets, exposing their PII regardless of Dynamics 365 instance configuration. No version-specific patch information is available in the provided data; Microsoft security advisories and the official Dynamics 365 security update guide should be consulted for precise affected versions and patch availability.
Remediation
Immediate actions:
(1) Contact the Microsoft Security Response Center (MSRC) or check the Microsoft Security Update Guide for CVE-2025-49715 to obtain specific patch versions and deployment timelines.
(2) Audit all FastTrack Implementation Assets in use to identify what PII may have been accessible.
(3) Review access logs to determine whether unauthorized access occurred.
(4) Until patched, implement network-level access controls to restrict FastTrack resource endpoints to authorized users only.
(5) Temporarily restrict or remove sensitive PII from FastTrack repositories pending patch deployment.
(6) Follow Microsoft's official remediation guidance available through its security advisories portal.
(7) Establish a timeline to deploy security updates immediately upon release; do not delay, given the network accessibility and lack of exploitation barriers.
EUVD-2025-21174