Severity
Medium
Analysis Summary
CVE-2025-29796 CVSS:4.7
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-29815 CVSS:7.6
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
CVE-2025-25001 CVSS:4.3
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-25000 CVSS:8.8
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Impact
- Gain Access
- Code Execution
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-29796
CVE-2025-29815
CVE-2025-25001
CVE-2025-25000
Affected Vendors
- Microsoft
Affected Products
- Microsoft Edge for iOS
- Microsoft Edge (Chromium-based)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.