CVE-2025-29825

Опубликовано: 01 мая 2025

Источник: msrc

CVSS3: 6.5

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
136.0.3240.50	5/1/2025	136.0.7103.49

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 25%

0.00082

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-29825

CVSS3: 6.5

nvd

около 2 месяцев назад

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

GHSA-9fm7-xgc6-wc2h

CVSS3: 6.5

github

около 2 месяцев назад

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

BDU:2025-05432

CVSS3: 6.5

fstec

около 2 месяцев назад

Уязвимость браузера Microsoft Edge, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг атаки

EPSS

Процентиль: 25%

0.00082

Низкий

6.5 Medium

CVSS3