CVE-2025-58112 | Microsoft Dynamics 365 Customer Engagement - Reporting Service Operational Intel

Executive Risk Summary

"A vulnerability in Microsoft Dynamics 365 Customer Engagement (on-premises) allows an attacker to execute arbitrary SQL commands in the underlying database by uploading a malicious .rdl file. This could lead to unauthorized data access, modification, or deletion, depending on the permissions of the account running SQL Server Reporting Services."

Operational Audit Arsenal

Target Type System Service

Target Asset SQL Server Reporting Services

Standard Path %windir%\Microsoft.NET\Framework64\v4.0.30319\MSRS2016

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: SQL Server Reporting Services (System Service)
$Targets = 'SQL Server Reporting Services'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Moderate, may require downtime for SQL Server Reporting Services

Internal Work Notes

Vulnerability in Microsoft Dynamics 365 Customer Engagement Reporting Service allows arbitrary SQL command execution, requiring immediate patching and verification of SQL Server Reporting Services configuration.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://gist.github.com/Redteam-LongwaveSpa/141f6c52ce49f9c0f49989c7d6940abd

MSRC Advisoryhttps://microsoft.com

Related Microsoft Threats

CVE-2026-31957 CVSS 10

Microsoft Azure Entra ID and Intune - Himmelblau

CVE-2025-65041 CVSS 10

Microsoft Partner Center

CVE-2026-33105 CVSS 10

Microsoft Azure Kubernetes Service - Azure Kubernetes

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.