May 2025: Microsoft Dataverse Elevation of Privilege Vulnerability
CVE-2025-29826 Published on May 13, 2025
Microsoft Dataverse Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Weakness Type
Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
Products Associated with CVE-2025-29826
Want to know whenever a new CVE is published for Microsoft Dataverse? stack.watch will email you.
Affected Versions
Microsoft Dataverse:- Version 10.0 and below 3.4.0.1406 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.