CVE-2025-29795

Опубликовано: 21 мар. 2025

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker would gain the rights of the user that is running the affected application.

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 24%

0.00081

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2025-29795

CVSS3: 7.8

nvd

5 месяцев назад

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

GHSA-qc66-3q9c-grv6

CVSS3: 7.8

github

5 месяцев назад

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

BDU:2025-03191

CVSS3: 7.8

fstec

6 месяцев назад

Уязвимость браузера Microsoft Edge, связанная с некорректным определением символических ссылок перед доступом к файлу, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 24%

0.00081

Низкий

7.8 High

CVSS3