CVE-2025-29825: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Overview

Severity: Medium (CVSS 6.5)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Category: Edge - Chromium
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2025-May
Released: 2025-05-01
EPSS Score: 3.16% (percentile: 86.9%)

Description

User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

What is the version information for this release?

  • Microsoft Edge Version: 136.0.3240.50
  • Date Released: 5/1/2025
  • Based on Chromium Version: 136.0.7103.49

Affected Products (1)

Browser

  • Microsoft Edge (Chromium-based)

Acknowledgments

zeeagil

Revision History

  • 2025-05-01: Information published.