CVE-2025-21399
Published: 17 January 2025
Summary
CVE-2025-21399 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Microsoft Edge Update. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 40.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the elevation of privilege vulnerability in the Microsoft Edge update component by establishing processes for timely application of vendor-provided patches.
Verifies the authenticity of Edge update components prior to execution or use, preventing loading of malicious binaries via the untrusted search path exploited by this CWE-426 vulnerability.
Enforces software integrity verification for the update component, detecting and blocking unauthorized or tampered binaries that could be loaded through the vulnerable untrusted search path.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE describes local EoP via untrusted search path (CWE-426) in Edge update component, directly enabling T1068 for privilege escalation and facilitating T1574.008 via search order hijacking of untrusted paths.
NVD Description
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Deeper analysisAI
CVE-2025-21399 is an elevation of privilege vulnerability in the update component of Microsoft Edge (Chromium-based). Published on 2025-01-17, it carries a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-426 (Untrusted Search Path).
The vulnerability can be exploited by a local attacker requiring no privileges or user interaction, though it demands high attack complexity. Successful exploitation enables elevation of privileges, resulting in high impacts to confidentiality, integrity, and availability.
Microsoft's Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21399 details patching guidance. Vicarius provides a detection script at https://www.vicarius.io/vsociety/posts/elevation-of-privilege-vulnerability-in-microsoft-edge-chromium-based-detection-script and a mitigation script at https://www.vicarius.io/vsociety/posts/elevation-of-privilege-vulnerability-in-microsoft-edge-chromium-based-mitigation-script.
Details
- CWE(s)