CVE-2025-3065
published 2025-04-24
CVE-2025-3065: The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and…
Priority P265 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.89% (54.9th percentile)
The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge | — | — |
| msrc | microsoft_edge_for_android | — | — |
| msrc | microsoft_edge_for_ios | — | — |
| neoslab | database_toolset | <= 1.8.4 | — |
CVSS provenance
nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
vendor_msrc · 8.8 HIGH
GHSA
GHSA-3jmr-84q9-rpjf: The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and
ghsa_unreviewed·2025-04-24
CVE-2025-3065 [CRITICAL] CWE-22 GHSA-3jmr-84q9-rpjf: The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and
The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2025-02-11·CVSS 4.4
CVE-2025-21267 [MEDIUM] CWE-358 Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.51 | 2/6/2025 | 133.0.6943.53/54 |
FAQ: According to the CVSS metrics,
Microsoft
Chromium: CVE-2025-1426 Heap buffer overflow in GPU
vendor_msrc·2025-02-11·CVSS 8.8
CVE-2025-1006 [HIGH] Chromium: CVE-2025-1426 Heap buffer overflow in GPU
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.82 | 2/21/2025 | 133.0.6943.126/.127 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser
Microsoft
Microsoft Edge for IOS and Android Spoofing Vulnerability
vendor_msrc·2025-02-11·CVSS 5.3
CVE-2025-21253 [MEDIUM] CWE-451 Microsoft Edge for IOS and Android Spoofing Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.51 | 2/6/2025 | 133.0.6943.53/54 |
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).
Microsoft Edge for iOS
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2025-02-11·CVSS 6.5
CVE-2025-21283 [MEDIUM] CWE-1222 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.51 | 2/6/2025 | 133.0.6943.53/54 |
Microsoft E
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2025-02-11·CVSS 8.8
CVE-2025-21342 [HIGH] CWE-843 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality), make changes to disclosed information (Integrity), and they might be able to force a crash within the browser tab (Availability).
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.51 | 2/6/2025 | 133.0.6943.53/54 |
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2025-02-11·CVSS 4.3
CVE-2025-21404 [MEDIUM] CWE-449 Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.51 | 2/6/2025 | 133.0.6943.53/54 |
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Microsoft
Chromium: CVE-2025-0999 Heap buffer overflow in V8
vendor_msrc·2025-02-11·CVSS 8.8
CVE-2025-0999 [HIGH] Chromium: CVE-2025-0999 Heap buffer overflow in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.82 | 2/21/2025 | 133.0.6943.126/.127 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Microsoft
Chromium: CVE-2025-1006 Use after free in Network
vendor_msrc·2025-02-11·CVSS 8.8
CVE-2025-1426 [HIGH] Chromium: CVE-2025-1006 Use after free in Network
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.82 | 2/21/2025 | 133.0.6943.126/.127 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2025-02-11·CVSS 8.8
CVE-2025-21408 [HIGH] CWE-843 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.51 | 2/6/2025 | 133.0.6943.53/54 |
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Re
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2025-02-11·CVSS 6.5
CVE-2025-21279 [MEDIUM] CWE-843 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.51 | 2/6/2025 | 133.0.6943.53/54 |
Microsoft E
Microsoft
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
vendor_msrc·2025-02-11·CVSS 4.5
CVE-2025-21401 [MEDIUM] CWE-601 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.69 | 2/14/2025 | 133.0.6943.98/.99 |
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?
While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnera
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-24