CVE-2025-47967: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Overview

Severity: Medium (CVSS 4.7)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C
Category: Edge - Chromium
Exploit Status: Not Exploited
Exploitation Likelihood: Unlikely
Patch Tuesday: 2025-Sep
Released: 2025-09-16
EPSS Score: 0.06% (percentile: 19.6%)

Description

Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

FAQ

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

What is the version information for this release?

  • Microsoft Edge Version: 140.0.3485.71
  • Date Released: 09/16/2025
  • Based on Chromium Version: 140.0.7339.133

Affected Products (1)

Browser

  • Microsoft Edge (Chromium-based)

Security Updates (1)

Acknowledgments

Barath Stalin

Revision History

  • 2025-09-16: Information published.