CVE-2025-47963: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Jun

Released

2025-06-26

EPSS Score

0.48% (percentile: 65.1%)

Description

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.49/.50

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

Puf

Revision History

• 2025-06-26: Information published.