CVE-2025-47182

Опубликовано: 26 июн. 2025

Источник: msrc

CVSS3: 5.6

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

To successfully exploit this vulnerability, an attacker would need existing ability to execute Javascript in the impacted process.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a browser sandbox escape.

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
138.0.3351.55	6/26/2025	138.0.7204.49/.50

Publicly Disclosed

Exploited

DOS

N/A

EPSS

Процентиль: 18%

0.00058

Низкий

5.6 Medium

CVSS3

CVE-2025-47182

CVSS3: 5.6

nvd

26 дней назад

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

GHSA-gf4j-q3jq-qp2g

CVSS3: 5.6

github

26 дней назад

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

BDU:2025-09201

CVSS3: 5.6

fstec

около 1 месяца назад

Уязвимость браузера Microsoft Edge, связанная с недостаточной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 18%

0.00058

Низкий

5.6 Medium

CVSS3