CVE-2025-21342
Published: 06 February 2025
Summary
CVE-2025-21342 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Edge Chromium. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 23.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft Edge (Chromium-based) contains a remote code execution vulnerability tracked as CVE-2025-21342. It carries a CVSS 3.1 base score of 8.8 with the vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and is associated with CWE-843.
An attacker can exploit the flaw over the network without authentication, provided the victim performs some user interaction such as visiting a crafted web page, resulting in full compromise of confidentiality, integrity, and availability on the affected system.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342 supplies official guidance on available patches and mitigation steps.
EPSS scores remain low, with a current value of 0.0090 and a recorded peak of 0.0138.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2407
Vulnerability details
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE describes RCE in Microsoft Edge browser requiring user interaction over network, directly enabling client-side exploitation (T1203) and user execution via malicious link (T1204.001).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of flaws like CVE-2025-21342 in Microsoft Edge through vendor patches.
Mandates vulnerability scanning and monitoring to identify and remediate systems affected by the Edge RCE vulnerability CVE-2025-21342.
Deploys malicious code protection mechanisms to block or detect exploits targeting the remote code execution vulnerability in Chromium-based Edge.