Microsoft Edge Multiple Vulnerabilities
Severity Level: High
Date: 20/06/2025
Ref: CERT/NCSOC/0232
System / Technologies Affected
- Microsoft Edge versions prior to 136.0.3240.76
Overview
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.
Description
CVE-2025-4664 is being exploited in the wild. The vulnerability is in Chromium Open Source Software (OSS), which is used by Microsoft Edge (Chromium-based). Insufficient policy enforcement in the Loader component of Google Chrome (prior to version 136.0.7103.113) allowed a remote attacker to leak cross-origin data via a crafted HTML page. As a result, this vulnerability is considered high risk.
Vulnerabilities Identified:
- CVE-2025-4609
- CVE-2025-4664
Impact
- Remote Code Execution
- Information Disclosure
Solution/Workarounds
- Before installation of the software, please visit the software vendor website for more details.
Apply fixes issued by the vendor:
Update to version 136.0.3240.76 or later.
Reference
- CVE-2025-4664 - Microsoft Security Response Center
- HKCERT Security Bulletin
- CVE-2025-4609 - Microsoft Security Response Center
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.