CVE-2025-29821: Microsoft Dynamics Business Central Information Disclosure Vulnerability

5.5 CVSS

Description

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

Classification

CVE ID: CVE-2025-29821

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Problem Types

CWE-20: Improper Input Validation

Affected Products

Vendor: Microsoft, Microsoft, Microsoft, Microsoft

Product: Microsoft Dynamics 365 Business Central 2024 Wave 1 2024, Microsoft Dynamics 365 Business Central 2023 Wave 2, Microsoft Dynamics 365 Business Central 2024 Wave 2, Microsoft Dynamics 365 Business Central 2025 Wave 1

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 19.83% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-29821
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29821

Timeline

2025-04-08 18:40:23 UTC
CVE

Microsoft Dynamics Business Central Information Disclosure Vulnerability