Search criteria
3074 vulnerabilities found for Edge by Microsoft
CERTFR-2025-AVI-1103
Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-15
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 143.0.3650.80",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-14372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14372"
},
{
"name": "CVE-2025-14373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14373"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
}
],
"initial_release_date": "2025-12-12T00:00:00",
"last_revision_date": "2025-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-12T00:00:00.000000"
},
{
"description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-14174",
"revision_date": "2025-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-14372",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14372"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-14373",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14373"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-14174",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14174"
}
]
}
CERTFR-2025-AVI-1069
Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 143.0.3650.66",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13720"
},
{
"name": "CVE-2025-13638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13638"
},
{
"name": "CVE-2025-13633",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13633"
},
{
"name": "CVE-2025-13636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13636"
},
{
"name": "CVE-2025-13637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13637"
},
{
"name": "CVE-2025-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13630"
},
{
"name": "CVE-2025-13634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13634"
},
{
"name": "CVE-2025-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13632"
},
{
"name": "CVE-2025-13640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13640"
},
{
"name": "CVE-2025-13635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13635"
},
{
"name": "CVE-2025-13639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13639"
},
{
"name": "CVE-2025-13721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13721"
},
{
"name": "CVE-2025-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13631"
},
{
"name": "CVE-2025-62223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62223"
}
],
"initial_release_date": "2025-12-05T00:00:00",
"last_revision_date": "2025-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1069",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13635",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13635"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13638"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13720"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13639",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13639"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-62223",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62223"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13634",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13634"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13630",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13630"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13640",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13640"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13631",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13631"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13721",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13721"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13636",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13636"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13633",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13633"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13637",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13637"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-13632",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13632"
}
]
}
CERTFR-2025-AVI-0994
Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 142.0.3595.66",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-12729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
},
{
"name": "CVE-2025-12728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0994",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-11-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12728",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12728"
},
{
"published_at": "2025-11-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12729",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12729"
}
]
}
CERTFR-2025-AVI-0976
Vulnerability from certfr_avis - Published: 2025-11-07 - Updated: 2025-11-07
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 142.0.3595.65",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
}
],
"initial_release_date": "2025-11-07T00:00:00",
"last_revision_date": "2025-11-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0976",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12726",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12726"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12727"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12725",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12725"
}
]
}
CERTFR-2025-AVI-0898
Vulnerability from certfr_avis - Published: 2025-10-20 - Updated: 2025-10-20
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 141.0.3537.85",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11756"
}
],
"initial_release_date": "2025-10-20T00:00:00",
"last_revision_date": "2025-10-20T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0898",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Edge. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-11756",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11756"
}
]
}
CERTFR-2025-AVI-0821
Vulnerability from certfr_avis - Published: 2025-09-26 - Updated: 2025-09-26
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 140.0.3485.94",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-10892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10892"
},
{
"name": "CVE-2025-10891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10891"
},
{
"name": "CVE-2025-10890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10890"
},
{
"name": "CVE-2025-59251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59251"
}
],
"initial_release_date": "2025-09-26T00:00:00",
"last_revision_date": "2025-09-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0821",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10890",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10890"
},
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10891",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10891"
},
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10892",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10892"
},
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-59251",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59251"
}
]
}
CERTFR-2025-AVI-0809
Vulnerability from certfr_avis - Published: 2025-09-22 - Updated: 2025-09-22
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Microsoft indique que la vulnérabilité CVE-2025-10585 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 140.0.3485.81",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-10501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10501"
},
{
"name": "CVE-2025-10500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10500"
},
{
"name": "CVE-2025-10502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10502"
},
{
"name": "CVE-2025-10585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10585"
}
],
"initial_release_date": "2025-09-22T00:00:00",
"last_revision_date": "2025-09-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0809",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2025-10585 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10502",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10502"
},
{
"published_at": "2025-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10500",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10500"
},
{
"published_at": "2025-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10501",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10501"
},
{
"published_at": "2025-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-10585",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10585"
}
]
}
CERTFR-2025-AVI-0798
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 140.0.3485.71",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47967"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0798",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Edge. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-47967",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967"
}
]
}
CERTFR-2025-AVI-0742
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 139.0.3405.125",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9478"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0742",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Edge. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-9478",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9478"
}
]
}
CERTFR-2025-AVI-0719
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 138.0.3351.144",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9132"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0719",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Edge. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-9132",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9132"
}
]
}
CERTFR-2025-AVI-0705
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 139.0.3405.102",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8881"
},
{
"name": "CVE-2025-8880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8880"
},
{
"name": "CVE-2025-8901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8901"
},
{
"name": "CVE-2025-8882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8882"
},
{
"name": "CVE-2025-8879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8879"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0705",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-8880",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8880"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-8881",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8881"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-8901",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8901"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-8882",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8882"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-8879",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8879"
}
]
}
CERTFR-2025-AVI-0685
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge pour Android versions ant\u00e9rieures \u00e0 139.0.3405.86",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49755"
},
{
"name": "CVE-2025-49736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49736"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0685",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-49736",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49736"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-49755",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49755"
}
]
}
FKIE_CVE-2025-47967
Vulnerability from fkie_nvd - Published: 2025-09-16 19:15 - Updated: 2025-10-01 20:31
Severity ?
Summary
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"matchCriteriaId": "4AE0A13B-5D91-4EE4-8E04-545D707A193B",
"versionEndExcluding": "140.0.3485.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."
}
],
"id": "CVE-2025-47967",
"lastModified": "2025-10-01T20:31:29.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-09-16T19:15:35.410",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-357"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49736
Vulnerability from fkie_nvd - Published: 2025-08-12 18:15 - Updated: 2025-08-15 17:48
Severity ?
Summary
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49736 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6D68A893-9468-425E-BC3B-5EDE6075C426",
"versionEndExcluding": "139.0.3405.86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."
},
{
"lang": "es",
"value": "La interfaz de usuario realiza una acci\u00f3n incorrecta en Microsoft Edge para Android y permite que un atacante no autorizado realice suplantaci\u00f3n de identidad a trav\u00e9s de una red."
}
],
"id": "CVE-2025-49736",
"lastModified": "2025-08-15T17:48:36.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-08-12T18:15:30.343",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49736"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-449"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49755
Vulnerability from fkie_nvd - Published: 2025-08-12 18:15 - Updated: 2025-08-15 17:49
Severity ?
Summary
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49755 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6D68A893-9468-425E-BC3B-5EDE6075C426",
"versionEndExcluding": "139.0.3405.86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."
},
{
"lang": "es",
"value": "La tergiversaci\u00f3n de informaci\u00f3n cr\u00edtica en la interfaz de usuario (IU) de Microsoft Edge para Android permite que un atacante no autorizado realice suplantaci\u00f3n de identidad a trav\u00e9s de una red."
}
],
"id": "CVE-2025-49755",
"lastModified": "2025-08-15T17:49:33.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-08-12T18:15:30.990",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49755"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
CVE-2025-47967 (GCVE-0-2025-47967)
Vulnerability from cvelistv5 – Published: 2025-09-16 18:13 – Updated: 2025-11-21 18:18
VLAI?
Summary
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-357 - Insufficient UI Warning of Dangerous Operations
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0.0 , < 140.0.3485.71
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T20:02:26.951639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T20:02:32.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "140.0.3485.71",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "140.0.3485.71",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-357",
"description": "CWE-357: Insufficient UI Warning of Dangerous Operations",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T18:18:17.676Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967"
}
],
"title": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-47967",
"datePublished": "2025-09-16T18:13:10.558Z",
"dateReserved": "2025-05-14T14:13:13.465Z",
"dateUpdated": "2025-11-21T18:18:17.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49736 (GCVE-0-2025-49736)
Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2025-11-10 00:12
VLAI?
Summary
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for Android |
Affected:
1.0.0 , < 139.0.3405.86
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T20:15:31.126137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:15:49.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "139.0.3405.86",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "139.0.3405.86",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T00:12:55.034Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49736"
}
],
"title": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49736",
"datePublished": "2025-08-12T17:10:48.861Z",
"dateReserved": "2025-06-09T21:23:11.524Z",
"dateUpdated": "2025-11-10T00:12:55.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47967 (GCVE-0-2025-47967)
Vulnerability from nvd – Published: 2025-09-16 18:13 – Updated: 2025-11-21 18:18
VLAI?
Summary
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-357 - Insufficient UI Warning of Dangerous Operations
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0.0 , < 140.0.3485.71
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T20:02:26.951639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T20:02:32.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "140.0.3485.71",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "140.0.3485.71",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-16T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-357",
"description": "CWE-357: Insufficient UI Warning of Dangerous Operations",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T18:18:17.676Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967"
}
],
"title": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-47967",
"datePublished": "2025-09-16T18:13:10.558Z",
"dateReserved": "2025-05-14T14:13:13.465Z",
"dateUpdated": "2025-11-21T18:18:17.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49736 (GCVE-0-2025-49736)
Vulnerability from nvd – Published: 2025-08-12 17:10 – Updated: 2025-11-10 00:12
VLAI?
Summary
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for Android |
Affected:
1.0.0 , < 139.0.3405.86
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T20:15:31.126137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:15:49.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "139.0.3405.86",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "139.0.3405.86",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T00:12:55.034Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49736"
}
],
"title": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49736",
"datePublished": "2025-08-12T17:10:48.861Z",
"dateReserved": "2025-06-09T21:23:11.524Z",
"dateUpdated": "2025-11-10T00:12:55.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}