CVE-2025-58112 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 19, 2026
Microsoft Dynamics 365 Customer Engagement - SQL Injection
Overview
Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) contains a SQL injection vulnerability caused by the processing of malicious .rdl files in SQL Server Reporting Services. An attacker with the Add Reporting Services Reports privilege can execute arbitrary SQL commands. Exploitation requires the report generation privilege or a preloaded malicious report.
Impact
Attackers can execute arbitrary SQL commands and potentially OS commands, leading to full database and system compromise.
Mitigation
Update to the latest available version with security patches.
Social Media Activity (2 posts)
CVE-2025-58112 - High (8.8) Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting... https://www.thehackerwire.com/vulnerability/CVE-2025-58112/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2025-58112
- Severity: High
- CVSS Score: 8.8
- Type: sql_injection
- Status: unconfirmed
- EPSS: 6.5%
- Social Posts: 2
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H