Cyber Posture

CVE-2025-21283

Medium

Published: 06 February 2025

Modified: 11 February 2025
KEV Added
Patch
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
EPSS Score: 0.0042 (62.0th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Security Summary

CVE-2025-21283 is a remote code execution vulnerability in Microsoft Edge, the Chromium-based web browser. Published on 2025-02-06, it carries a CVSS v3.1 base score of 6.5, with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, and is linked to CWE-1222 as well as NVD-CWE-noinfo.

An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity by tricking a user into some form of interaction, such as visiting a malicious webpage. Successful exploitation enables remote code execution within the browser's context, resulting in high confidentiality impact while having no integrity or availability effects.

Microsoft's Security Response Center has issued an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21283, where security practitioners and users are directed to apply the available patches to mitigate the issue.

Details

CWE(s)
CWE-1222, NVD-CWE-noinfo

Affected Products

Vendor: microsoft
Product: edge chromium
Affected versions: ≤ 133.0.3065.51
