Cyber Resilience

CVE-2025-62211

High

Published: 11 November 2025

Published
11 November 2025
Modified
17 November 2025
KEV Added
Patch
CVSS Score v3.1 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS Score 0.0005 16.2th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-62211 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Microsoft Dynamics 365. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-62211 is a cross-site scripting (XSS) vulnerability stemming from improper neutralization of input during web page generation, classified under CWE-79. It affects Dynamics 365 Field Service (online). Published on 2025-11-11, the vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality and integrity impacts with a changed scope.

An authorized attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), though it requires user interaction (UI:R). Successful exploitation enables spoofing attacks, potentially leading to high confidentiality and integrity violations in a cross-context scenario.

Microsoft's security advisory, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62211, provides guidance on mitigation and patching for this issue.

EU & UK References

Vulnerability details

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

XSS vulnerability in public-facing cloud web application (Dynamics 365 Field Service online) directly enables exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-62210Same product: Microsoft Dynamics 365
CVE-2026-32210Same product: Microsoft Dynamics 365
CVE-2026-42833Same product: Microsoft Dynamics 365
CVE-2026-42898Same product: Microsoft Dynamics 365
CVE-2025-62459Same vendor: Microsoft
CVE-2026-21264Same vendor: Microsoft
CVE-2026-42897Same vendor: Microsoft
CVE-2026-26144Same vendor: Microsoft
CVE-2026-26105Same vendor: Microsoft
CVE-2025-65037Same vendor: Microsoft

Affected Assets

microsoft
dynamics 365
≤ 8.8.139.398

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of information inputs to neutralize untrusted data and prevent XSS exploitation from improper input handling.

prevent

Mandates filtering of information outputs during web page generation to block script injection and mitigate spoofing attacks.

prevent

Ensures timely remediation of identified flaws like this XSS vulnerability through patching, directly addressing the root cause in Dynamics 365.

References