Security Feature Bypass Vulnerability in Microsoft Edge (Chromium-based) by Microsoft
CVE-2025-21401

4.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based)
Vendor: CVE Published:; 15 February 2025

What is CVE-2025-21401?

A security feature bypass vulnerability exists in Microsoft Edge (Chromium-based) that could allow an attacker to bypass security restrictions and potentially execute unauthorized actions. This vulnerability arises from improper validation of user input which could be exploited through crafted web content. Users and organizations are encouraged to apply available updates to mitigate any potential risk associated with this issue.

Affected Version(s)

Microsoft Edge (Chromium-based) Unknown 1.0.0 < 133.0.3065.69

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2025