CVE-2025-29807 is a Remote Code Execution (RCE) vulnerability affecting Microsoft Dataverse. This flaw allows an authenticated attacker to execute arbitrary code over a network by exploiting the deserialization of untrusted data. Affected versions of Dataverse are those within the currently known affected range. Microsoft has not yet released a fixed version.
Successful exploitation of CVE-2025-29807 grants an attacker the ability to execute arbitrary code within the context of the Dataverse service. This could lead to complete system compromise, data exfiltration, and disruption of business operations. Given the potential for remote code execution, the blast radius is significant, potentially impacting all data and services reliant on Microsoft Dataverse. The requirement for authentication limits the immediate scope, but a compromised user account could be leveraged to escalate privileges and gain broader access.
CVE-2025-29807 was publicly disclosed on 2025-03-21. The vulnerability's exploitation context is currently unclear, with no public proof-of-concept (PoC) available. Its inclusion in the Microsoft security bulletin suggests a potential for exploitation, but the absence of public exploits indicates a lower immediate risk. The EPSS score is pending evaluation.
Organizations heavily reliant on Microsoft Dataverse for data storage and business processes are at significant risk. This includes companies using Dataverse for CRM, ERP, or custom applications. Environments with weak authentication controls or inadequate input validation are particularly vulnerable.
• .NET / Windows: Monitor for unusual process creation related to Dataverse services. Use Sysmon to track deserialization events and identify suspicious payloads.
# List the on-disk path of any running process named "Dataverse"
Get-Process -Name Dataverse | Select-Object -ExpandProperty Path
• .NET / Windows: Examine Dataverse logs for errors related to deserialization.
# Get-WinEvent has no -Filter parameter; use -FilterHashtable (which also carries the log name)
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Microsoft.Dataverse'} -MaxEvents 100
• generic web: Monitor Dataverse endpoints for unexpected requests or responses. Review access logs for unusual patterns.
Disclosure
Exploit status
EPSS: 0.96% (76th percentile)
CISA SSVC
CVSS vector
Due to the lack of a fixed version, immediate mitigation strategies are crucial. Implement strict input validation and sanitization for all data entering the Dataverse system to prevent malicious payloads from being deserialized. Consider network segmentation to limit the potential impact of a successful attack. Monitor Dataverse logs for suspicious activity, particularly related to deserialization processes. While a patch is pending, regularly review Microsoft security advisories for updates and guidance.
Apply the security updates provided by Microsoft for Microsoft Dataverse. Consult the Microsoft security bulletin for more information and the corresponding updates.
CVE-2025-29807 is a Remote Code Execution vulnerability in Microsoft Dataverse that allows an authenticated attacker to execute code over a network through deserialization of untrusted data.
You are affected if you are using Microsoft Dataverse versions less than or equal to the currently known affected range. Check your version and monitor Microsoft security advisories.
A fixed version is currently unavailable. Mitigate by implementing strict input validation, network segmentation, and monitoring Dataverse logs.
There are currently no publicly known active exploits, but the vulnerability's severity warrants proactive mitigation.
Refer to the official Microsoft Security Response Center (MSRC) advisory for CVE-2025-29807 when it becomes available.