| VID |
50434 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 138.0.3351.65. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2, 2025 advisory.
- Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. (CVE-2025-49713) - No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. (CVE-2025-49741) - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2025-6554)
* References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6554 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741
* Platforms Affected: Microsoft Edge versions prior to 138.0.3351.65 Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (138.0.3351.65 or later), as described in the Microsoft Security bulletin at https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
| Related URL |
CVE-2025-49713,CVE-2025-49741,CVE-2025-6554 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|