CVE-2025-62211

High

Published: 11 November 2025

Published

11 November 2025

Modified

17 November 2025

KEV Added

—

Patch

—

CVSS Score 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS Score 0.0004 13.7th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-62211 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Microsoft Dynamics 365. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires validation of information inputs to neutralize untrusted data and prevent XSS exploitation from improper input handling.

SI-15 Information Output Filtering good match

prevent

Mandates filtering of information outputs during web page generation to block script injection and mitigate spoofing attacks.

SI-2 Flaw Remediation good match

prevent

Ensures timely remediation of identified flaws like this XSS vulnerability through patching, directly addressing the root cause in Dynamics 365.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

XSS vulnerability in public-facing cloud web application (Dynamics 365 Field Service online) directly enables exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

Deeper analysisAI

CVE-2025-62211 is a cross-site scripting (XSS) vulnerability stemming from improper neutralization of input during web page generation, classified under CWE-79. It affects Dynamics 365 Field Service (online). Published on 2025-11-11, the vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality and integrity impacts with a changed scope.

An authorized attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), though it requires user interaction (UI:R). Successful exploitation enables spoofing attacks, potentially leading to high confidentiality and integrity violations in a cross-context scenario.

Microsoft's security advisory, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62211, provides guidance on mitigation and patching for this issue.

Details

CWE(s): CWE-79

Affected Products

microsoft

dynamics 365

≤ 8.8.139.398

CVEs Like This One

CVE-2025-62210Same product: Microsoft Dynamics 365

CVE-2026-32210Same product: Microsoft Dynamics 365

CVE-2025-62459Same vendor: Microsoft

CVE-2026-21264Same vendor: Microsoft

CVE-2026-26144Same vendor: Microsoft

CVE-2026-26105Same vendor: Microsoft

CVE-2026-20856Same vendor: Microsoft

CVE-2025-21385Same vendor: Microsoft

CVE-2025-24043Same vendor: Microsoft

CVE-2025-49706Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62211
Vendor Advisory · secure@microsoft.com