Offcanvas

When Should We Call You?

Edit Template

Security Bulletin: Critical Vulnerabilities in Microsoft Edge

Spread the love

 

 

  1. General Information

 

Affected Product : Microsoft Edge 

Publication Date : March 24, 2025 

Source : Microsoft Edge Security Bulletin 

 

  1. Vulnerability Classification

 

Impact

  – Loss of confidentiality 

  – Loss of integrity 

  – System unavailability 

Exploitability  :    No known exploits at this time 

Recommended Solution   :    Update to the latest version of Microsoft Edge 

 

  1. Affected Systems

 

The following versions of Microsoft Edge are affected by these vulnerabilities: 

Microsoft Edge (Chromium-based)   :   Versions  134.0.6998.117/118 and earlier 

Microsoft Edge   :   Version  134.0.3124.83  and earlier 

Users and administrators must ensure their browser is up to date to prevent exploitation of these vulnerabilities. 

 

  1. Security Risks and Impacts

 

Exploitation of the identified vulnerabilities may lead to the following major risks: 

  1. Arbitrary Code Execution : An attacker could remotely execute malicious code on the affected system, compromising data integrity and confidentiality.
  2. Privilege Escalation :

 

A malicious user could exploit a flaw to gain higher privileges than intended, enabling partial or full system control. 

  1. Use-After-Free Memory Corruption :

 

 This vulnerability may lead to memory corruption, causing browser crashes or facilitating the execution of malicious code. 

 

  1. Vulnerability Details:

Several vulnerabilities have been identified and assigned the following CVE codes: 

CVE-2025-29795

  –  CVSS 3.1 Score  :  7.8 (High) 

  – Type  :  Privilege Escalation 

  – Description  :  A flaw allows an attacker to elevate privileges by exploiting a weakness in the browser’s rendering engine. 

 

CVE-2025-2476 : 

  – CVSS 3.1 Score : 9.8 (Critical) 

  –  Type : Use-After-Free 

  –  Description : Improper memory management could be exploited by an attacker to execute arbitrary code or crash the browser. 

 

CVE-2025-29806: 

  – CVSS 3.1 Score : 6.5 (Medium) 

  – Type : Arbitrary Code Execution 

  – Description : A vulnerability allows an attacker to execute remote code by tricking a user into visiting a malicious website. 

 

  1. Solutions and Patches

 

Microsoft has released security patches to address these vulnerabilities. It is strongly recommended to apply these updates as soon as possible. 

Patches are available at the following links: 

 

  1. Recommendations

 

To mitigate risks associated with these vulnerabilities, users and administrators are advised to: 

  1. Update Microsoft Edge by downloading the latest available version.
  2. Enable automatic updates to ensure the browser remains protected against new threats.
  3. Avoid opening suspicious links sent via email or displayed on untrusted websites.
  4. Strengthen system security by following cybersecurity best practices.

 

  1. Conclusion

The vulnerabilities discovered in Microsoft Edge pose a critical risk to user security. Exploitation could allow an attacker to execute arbitrary code, escalate privileges, or compromise system memory. Applying patches and maintaining a secure environment are essential to mitigating these threats.


Spread the love

Leave a Reply

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Popular Articles

Most Recent Posts

  • All Post
  • Active Directory
  • Azure
  • Azure Cloud
  • Azure Infrastructure
  • Azure Patch
  • Azure Security
  • Cloud
  • Cloud Computing
  • Entertinment
  • Exchange Server
  • Manage M365
  • Messaging
  • Microsoft
  • Microsoft 365
  • Microsoft Purview
  • News
  • Patch Tuesday
  • Request Call
  • Security
  • Security M365
  • Websites
  • Windows Server
  • Windows Server Patch

Information

Disclaimer

Privacy Statement

Terms of Service

ThankYou