CVE-2025-53791

FAQ

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? **

Successful exploitation of this vulnerability requires an attacker to enable Edge Split Screen mode, have a specific configuration, and run multiple pages.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability? **

An attacker who successfully exploited the vulnerability could:

• Run scripts intended to get the read token from the parent webpage DOM (Confidentiality)
• Make changes to the javascript in the parent window (Integrity)
• But cannot limit access to the resource (Availability)

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? **

The user would have to open a web page that contained a malicious iframe.

What is the version information for this release?

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? **

In this case, a successful attack could break the iframe sandbox and allow an iframe to interact with the parent DOM.