Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-49741Privilege Chaining in Microsoft Edge

CWE-268Privilege ChainingCWE-200Sensitive Information Exposure5 documents5 sources
Severity
7.5HIGHNVD
CNA7.4
EPSS
5.1%
top 10.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft EdgeMicrosoft Edge Chromium
Timeline
PublishedJul 1
Latest updateAug 3

Description

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/edge_chromium< 135.0.3179.98
CVEListV5microsoft/microsoft_edge1.0.0.0135.0.3179.98

🔴Vulnerability Details

2
GHSA
GHSA-mg79-739c-7pm9: No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network2025-07-02
CVEList
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability2025-07-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure2025-08-03

📋Vendor Advisories

1
Microsoft
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability2025-07-08