CVE-2025-24053
Published: 13 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-24053 is an improper authentication vulnerability (CWE-285) affecting Microsoft Dataverse. Published on 2025-03-13, it enables an authorized attacker to elevate privileges over a network. The issue carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and significant impacts across confidentiality, integrity, and availability.
The vulnerability requires high privileges (PR:H) for exploitation, meaning attackers must already possess an authorized account with elevated access within the affected environment. Exploitation occurs over the network without user interaction, allowing the attacker to escalate privileges further, potentially compromising the full triad of security impacts at a high level.
Microsoft's advisory provides details on mitigation; practitioners should consult the MSRC update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24053 for patching instructions and workarounds.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes an improper authentication flaw in Microsoft Dataverse that allows an already-authorized (high-privilege) attacker to escalate privileges over the network, directly enabling the Exploitation for Privilege Escalation technique.