CVE-2025-29806

Published: Mar 23, 2025Modified: Apr 2, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Affected (1)

Products: Microsoft: Edge Chromium

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Edge Chromium	Before 129.0.2792.52

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29806

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.