CVE-2025-21408

Опубликовано: 06 фев. 2025

Источник: msrc

CVSS3: 8.8

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
133.0.3065.51	2/6/2025	133.0.6943.53/54

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Unlikely

DOS

N/A

EPSS

Процентиль: 51%

0.00278

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2025-21408

CVSS3: 8.8

nvd

7 месяцев назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

GHSA-mq6h-8q58-f5gv

CVSS3: 8.8

github

7 месяцев назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

BDU:2025-02686

CVSS3: 8.8

fstec

7 месяцев назад

Уязвимость браузера Microsoft Edge, связанная с ошибками смешения типов данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 51%

0.00278

Низкий

8.8 High

CVSS3