Vulnerabilities > CVE-2025-29826 - Improper Handling of Insufficient Permissions or Privileges vulnerability in Microsoft Dataverse

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

microsoft

CWE-280

NVD

Published: 2025-05-13

Updated: 2025-05-19

Summary

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Dataverse *	1

Common Weakness Enumeration (CWE)

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29826