1. Home
  2. CVE Database
  3. CVE-2025-29821
MEDIUM · 5.5

CVE-2025-29821

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

Vulnerability Description

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
MicrosoftDynamics 365 Business Central 2023>= 23.1.13812, < 23.18.32409
MicrosoftDynamics 365 Business Central 2024< 24.12.32447
MicrosoftDynamics 365 Business Central 2025< 26.0.32481

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2025-29821?

CVE-2025-29821 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

How severe is CVE-2025-29821?

CVE-2025-29821 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-29821?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Dynamics 365 Business Central 2023, Microsoft Dynamics 365 Business Central 2024, Microsoft Dynamics 365 Business Central 2025.