CVE-2025-21283

Опубликовано: 06 фев. 2025

Источник: msrc

CVSS3: 6.5

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
133.0.3065.51	2/6/2025	133.0.6943.53/54

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 48%

0.00251

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-21283

CVSS3: 6.5

nvd

6 месяцев назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

GHSA-24m4-jmrh-xh5r

CVSS3: 6.5

github

6 месяцев назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

BDU:2025-01632

CVSS3: 8.8

fstec

6 месяцев назад

Уязвимость браузера Microsoft Edge, связанная с недостаточной гранулярностью адресных областей, защищенных блокировкой регистра, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 48%

0.00251

Низкий

6.5 Medium

CVSS3