CVE-2025-62210
Published: 11 November 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-62210 is a cross-site scripting (XSS) vulnerability stemming from improper neutralization of input during web page generation, mapped to CWE-79. It affects Dynamics 365 Field Service (online). Published on 2025-11-11T18:15:48.273, the vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality and integrity impacts.
An authorized attacker with low privileges (PR:L) can exploit this flaw over the network (AV:N) by tricking a user into performing an action (UI:R), such as interacting with a maliciously crafted web page. Exploitation enables spoofing attacks with a changed scope (S:C), potentially compromising high levels of confidentiality and integrity for affected users.
The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62210.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XSS vulnerability in public-facing web application (Dynamics 365 Field Service online) directly enables remote exploitation for initial access or privilege escalation via T1190: Exploit Public-Facing Application.