CVE-2025-47181

Published: May 22, 2025Modified: Jul 8, 2025

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: secure@microsoft.com (Secondary)

Description

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

Affected (1)

Products: Microsoft: Edge Update

Microsoft

1 product

Edge Update

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Edge Update	Before 1.3.195.61

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47181

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.