Cyber Resilience

CVE-2025-21279

Medium

Published: 06 February 2025

Published
06 February 2025
Modified
11 February 2025
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score 0.0091 76.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21279 is a medium-severity Type Confusion (CWE-843) vulnerability in Microsoft Edge Chromium. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 23.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

Microsoft Edge (Chromium-based) contains a remote code execution vulnerability tracked as CVE-2025-21279. The flaw is associated with CWE-843 and carries a CVSS 3.1 base score of 6.5, reflecting a network-attack vector that requires low complexity, no privileges, and only user interaction to trigger high-impact confidentiality loss while leaving integrity and availability unaffected.

An unauthenticated remote attacker can exploit the issue by convincing a user to visit a specially crafted web page or resource in Microsoft Edge. Successful exploitation allows the attacker to execute arbitrary code in the context of the current user, primarily resulting in unauthorized disclosure of sensitive information from the affected browser process.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21279 provides official guidance on available updates and mitigation steps for the affected Edge versions.

EPSS scores for the CVE remain low, with a current value of 0.0091 and a recorded peak of 0.0146.

EU & UK References

Vulnerability details

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Browser RCE with UI:R enables drive-by compromise (T1189) and client-side exploitation for code execution (T1203).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21408Same product: Microsoft Edge Chromium
CVE-2025-21342Same product: Microsoft Edge Chromium
CVE-2025-21283Same product: Microsoft Edge Chromium
CVE-2026-45495Same product: Microsoft Edge Chromium
CVE-2026-41107Same product: Microsoft Edge Chromium
CVE-2026-21223Same product: Microsoft Edge Chromium
CVE-2026-26110Same vendor: Microsoft
CVE-2025-62554Same vendor: Microsoft
CVE-2025-21326Same vendor: Microsoft
CVE-2026-20860Same vendor: Microsoft

Affected Assets

microsoft
edge chromium
≤ 133.0.3065.51

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the RCE vulnerability by requiring timely application of Microsoft patches for the specific flaw in Edge as referenced in the update guide.

preventdetect

Provides defense-in-depth through malicious code protection mechanisms that detect and block exploit payloads targeting the browser RCE.

detect

Identifies unpatched Edge installations vulnerable to this CVE via regular vulnerability scanning.

References