July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
PLAYFULGHOST Infects VPN Apps through Phishing and SEO Poisoning
January 6, 2025Critical Security Vulnerabilities Patched in Microsoft Dynamics 365 and Power Apps Web API
January 6, 2025PLAYFULGHOST Infects VPN Apps through Phishing and SEO Poisoning
January 6, 2025Critical Security Vulnerabilities Patched in Microsoft Dynamics 365 and Power Apps Web API
January 6, 2025
Severity
Medium
Analysis Summary
CVE-2024-49041 CVSS:4.3
Microsoft Edge (Chromium-based) could allow a remote attacker to conduct spoofing attacks. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to modify the content of the vulnerable link to redirect the victim to a malicious site.
CVE-2024-49054 CVSS:4.3
Microsoft Edge (Chromium-based) could allow a remote attacker to conduct spoofing attacks. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform an attack.
CVE-2024-49025 CVSS:5.4
Microsoft Edge (Chromium-based) could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-43577 CVSS:4.3
Microsoft Edge (Chromium-based) could allow a remote attacker to conduct spoofing attacks.
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-49041
- CVE-2024-49054
- CVE-2024-49025
- CVE-2024-43577
Affected Vendors
Microsoft
Affected Products
- Microsoft Edge (Chromium-based) - 1.0.0
- Microsoft Edge (Chromium-based) 131.0
- Microsoft Edge (Chromium-based) - 130.0.2849.46
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.