CVE-2025-49736: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Overview

Severity

Medium (CVSS 4.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2025-Aug

Released

2025-08-12

EPSS Score

0.06% (percentile: 19.4%)

Description

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

FAQ

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.86 8/07/2025 139.0.7258.66/67 According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.

Affected Products (1)

Browser

• Microsoft Edge for Android

Acknowledgments

<a href="https://id.linkedin.com/in/alwialhadad/in">Alwi Al Hadad</a> with <a href="https://meta4sec.com/">Meta4sec - Komunitas Siber UNM</a>

Revision History

• 2025-08-12: Information published.