CVE-2025-62459
Published: 20 November 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-62459 is a spoofing vulnerability (CWE-79) affecting the Microsoft Defender Portal. Published on 2025-11-20, it carries a CVSS v3.1 base score of 8.3 (High), reflecting a network-accessible issue (AV:N) with low complexity (AC:L), no required privileges (PR:N), and user interaction needed (UI:R), resulting in high confidentiality and integrity impacts (C:H/I:H), low availability impact (A:L), and unchanged scope (S:U).
An unauthenticated attacker can exploit this vulnerability remotely by tricking a user into performing an action, such as clicking a malicious link or interacting with spoofed content in the Microsoft Defender Portal. Successful exploitation enables the attacker to spoof the portal's interface, potentially leading to unauthorized access to sensitive information or manipulation of user actions, compromising confidentiality and integrity while causing limited disruption to availability.
Microsoft's Security Response Center (MSRC) provides detailed guidance on the vulnerability, including patch information and mitigation steps, at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459. Security practitioners should consult this advisory for deployment instructions and verify updates to affected Defender Portal instances.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Spoofing vulnerability (CWE-79/XSS) in the public-facing Microsoft Defender Portal enables remote exploitation without privileges via user interaction (e.g., malicious link), directly mapping to T1190: Exploit Public-Facing Application.