Skip to main content

Dynamics 365 CVE-2025-55238

HIGH
Improper Access Control (CWE-284)
2025-09-04 secure@microsoft.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:10 vuln.today
CVE Published
Sep 04, 2025 - 23:15 nvd
HIGH 7.5

DescriptionCVE.org

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

AnalysisAI

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability Affected products include: Microsoft Dynamics 365.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-38182 CRITICAL
9.8 Jul 31

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. R

CVE-2022-35805 HIGH
8.8 Sep 13

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabi

CVE-2022-34700 HIGH
8.8 Sep 13

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabi

CVE-2022-23259 HIGH
8.8 Apr 15

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabili

CVE-2021-42316 HIGH
8.8 Nov 10

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabili

CVE-2020-17158 HIGH
8.8 Dec 10

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity

CVE-2020-17152 HIGH
8.8 Dec 10

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity

CVE-2019-1229 HIGH
8.8 Aug 14

An elevation of privilege vulnerability exists in Dynamics On-Premise v9. Rated high severity (CVSS 8.8), this vulnerabi

CVE-2018-8609 HIGH
8.8 Nov 14

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to

CVE-2020-17147 HIGH
8.7 Dec 10

Dynamics CRM Webclient Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotel

CVE-2024-38211 HIGH
8.2 Aug 13

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil

CVE-2024-21395 HIGH
8.2 Feb 13

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil

Share

CVE-2025-55238 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy