CVE-2025-62210

High

Published: 11 November 2025

Published

11 November 2025

Modified

17 November 2025

KEV Added

—

Patch

—

CVSS Score 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS Score 0.0004 13.7th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-62210 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Microsoft Dynamics 365. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 requires validation of all information inputs, directly addressing the improper neutralization of input that enables this XSS vulnerability.

SI-15 Information Output Filtering good match

prevent

SI-15 mandates filtering of information prior to output on web pages, preventing the execution of injected scripts in this web page generation flaw.

SI-2 Flaw Remediation good match

prevent

SI-2 ensures timely identification, reporting, and correction of flaws like this specific XSS vulnerability via patching as advised by Microsoft.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

XSS vulnerability in public-facing web application (Dynamics 365 Field Service online) directly enables remote exploitation for initial access or privilege escalation via T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

Deeper analysisAI

CVE-2025-62210 is a cross-site scripting (XSS) vulnerability stemming from improper neutralization of input during web page generation, mapped to CWE-79. It affects Dynamics 365 Field Service (online). Published on 2025-11-11T18:15:48.273, the vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality and integrity impacts.

An authorized attacker with low privileges (PR:L) can exploit this flaw over the network (AV:N) by tricking a user into performing an action (UI:R), such as interacting with a maliciously crafted web page. Exploitation enables spoofing attacks with a changed scope (S:C), potentially compromising high levels of confidentiality and integrity for affected users.

The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62210.

Details

CWE(s): CWE-79

Affected Products

microsoft

dynamics 365

≤ 8.8.139.398

CVEs Like This One

CVE-2025-62211Same product: Microsoft Dynamics 365

CVE-2026-32210Same product: Microsoft Dynamics 365

CVE-2025-62459Same vendor: Microsoft

CVE-2026-21264Same vendor: Microsoft

CVE-2026-26144Same vendor: Microsoft

CVE-2026-26105Same vendor: Microsoft

CVE-2026-20856Same vendor: Microsoft

CVE-2025-21385Same vendor: Microsoft

CVE-2025-24043Same vendor: Microsoft

CVE-2025-49706Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62210
Vendor Advisory · secure@microsoft.com