CVE-2025-58112 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 19, 2026
Microsoft Dynamics 365 Customer Engagement - SQL Injection
Published: March 18, 2026 | Updated: March 19, 2026 | Remote Exploitable
Overview
Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) contains a SQL injection vulnerability that is triggered when SQL Server Reporting Services processes a malicious .rdl file. It lets attackers with the Add Reporting Services Reports privilege execute arbitrary SQL commands. Exploitation requires the report generation privilege or a preloaded malicious report.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can execute arbitrary SQL commands and potentially OS commands, leading to full database and system compromise.
Mitigation
Update to the latest available version with security patches.
Details
- CVE ID: CVE-2025-58112
- Severity: High
- CVSS Score: 8.8
- Type: sql_injection
- Status: unconfirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H