Korean
<< Back
VID 50434
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Microsoft Edge installed on the remote Windows host is prior to 138.0.3351.65. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2, 2025 advisory.

- Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. (CVE-2025-49713)
- No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. (CVE-2025-49741)
- Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2025-6554)

* References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6554
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741

* Platforms Affected:
Microsoft Edge versions prior to 138.0.3351.65
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Microsoft Edge at (138.0.3351.65 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
Related URL CVE-2025-49713,CVE-2025-49741,CVE-2025-6554 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)