Cross-Site Scripting Vulnerability in Dynamics 365 Field Service by Microsoft
CVE-2025-62211

8.7HIGH

Key Information:

Vendor: Microsoft
Status: Dynamics 365 Field Service (online)
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-62211?

An identified vulnerability in Dynamics 365 Field Service (online) allows authorized attackers to manipulate input data during web page generation, leading to potential spoofing attacks. This mismanagement of user input can compromise the integrity of web interactions, making it essential for users to be aware of suspicious activity and to implement recommended security practices.

Affected Version(s)

Dynamics 365 Field Service (online) Unknown 1.0.0 < 8.8.139.398

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Oct 8, 2025

JSON