CVE-2025-65046

Published Dec 18, 2025

Last updated a month ago

CVSS low 3.1

Overview

Description
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Source
secure@microsoft.com
NVD status
Modified
Products
edge_chromium

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.1
Impact score
1.4
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

secure@microsoft.com
CWE-451
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-290

Social media

Hype score
Not currently trending

  1. CVE-2025-65046: Edge Android full address bar spoof

    @RenwaX23

    24 Dec 2025

    2244 Impressions

    1 Retweet

    27 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.CVE-2026-0102
  2. User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.CVE-2026-0391
  3. Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.CVE-2026-21223
  4. Google Chromium Out of Bounds Memory Access VulnerabilityCVE-2025-14174
  5. User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.CVE-2025-62223

References

Sources include official advisories and independent security research.