CVE-2025-47181
Published: 22 May 2025
Summary
CVE-2025-47181 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Edge Update. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 21.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2025-47181 is an improper link resolution before file access vulnerability, also described as a link-following issue, that affects Microsoft Edge (Chromium-based). The flaw is tracked under CWE-59 and carries a CVSS 3.1 score of 8.8, reflecting a local attack vector, low complexity, low privileges required, no user interaction, and a changed scope with high impact on confidentiality, integrity, and availability.
An authorized local attacker can exploit the weakness to elevate privileges on the affected system. Because the vulnerability resides in the browser itself, successful exploitation allows the attacker to obtain higher rights than those initially granted to the Edge process.
The primary advisory and any associated patches or mitigation guidance are published by Microsoft at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47181. The EPSS score remains low, with a current value of 0.0116 and a peak of 0.0157.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20524
Vulnerability details
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
- CWE(s): CWE-59
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.