CVE-2025-62211
Published: 11 November 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-62211 is a cross-site scripting (XSS) vulnerability stemming from improper neutralization of input during web page generation, classified under CWE-79. It affects Dynamics 365 Field Service (online). Published on 2025-11-11, the vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality and integrity impacts with a changed scope.
An authorized attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), though it requires user interaction (UI:R). Successful exploitation enables spoofing attacks, potentially leading to high confidentiality and integrity violations in a cross-context scenario.
Microsoft's security advisory, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62211, provides guidance on mitigation and patching for this issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XSS vulnerability in public-facing cloud web application (Dynamics 365 Field Service online) directly enables exploitation of public-facing application.