CVE-2025-7390
Published 2025-08-21
CVE-2025-7390: A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure…
Priority P3 · 54 · critical · 9.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.24% (15.0th percentile)
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge | — | — |
| softing | edgeaggregator | <= 2025.03 | — |
| softing | edgeconnector | <= 2025.03 | — |
| softing | opc_ua_c++_sdk | 6.40 – 6.80 | — |
CVSS provenance
nvd · v3.1 · 9.1 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vendor_msrc · 8.8 · HIGH
vendor_redhat · 8.8 · HIGH
GHSA
GHSA-6g5p-c2f9-9435: A malicious client can bypass the client certificate trust check of an opc
ghsa_unreviewed·2025-08-21
CVE-2025-7390 [CRITICAL] CWE-295 GHSA-6g5p-c2f9-9435: A malicious client can bypass the client certificate trust check of an opc
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
Red Hat
chromium-browser: Off by one error in V8
vendor_redhat·2025-11-06·CVSS 4.3
CVE-2025-11215 [MEDIUM] CWE-193 chromium-browser: Off by one error in V8
Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Side-channel information leakage in Tab
vendor_redhat·2025-11-06·CVSS 5.4
CVE-2025-11210 [MEDIUM] CWE-208 chromium-browser: Side-channel information leakage in Tab
Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Side-channel information leakage in Storage
vendor_redhat·2025-11-06·CVSS 6.5
CVE-2025-11207 [MEDIUM] CWE-515 chromium-browser: Side-channel information leakage in Storage
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Out of bounds memory access in V8
vendor_redhat·2025-11-06·CVSS 8.8
CVE-2025-12036 [HIGH] CWE-823 chromium-browser: Out of bounds memory access in V8
Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Heap buffer overflow in WebGPU
vendor_redhat·2025-11-06·CVSS 8.8
CVE-2025-11205 [HIGH] CWE-120 chromium-browser: Heap buffer overflow in WebGPU
Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Use after free in V8
vendor_redhat·2025-11-06·CVSS 3.1
CVE-2025-11219 [LOW] CWE-825 chromium-browser: Use after free in V8
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Heap buffer overflow in Video
vendor_redhat·2025-11-06·CVSS 7.1
CVE-2025-11206 [HIGH] CWE-120 chromium-browser: Heap buffer overflow in Video
Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Out of bounds read in Media
vendor_redhat·2025-11-06·CVSS 7.5
CVE-2025-11211 [HIGH] CWE-125 chromium-browser: Out of bounds read in Media
Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Use after free in Storage
vendor_redhat·2025-11-06·CVSS 8.8
CVE-2025-11460 [HIGH] CWE-825 chromium-browser: Use after free in Storage
Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Media
vendor_redhat·2025-11-06·CVSS 6.3
CVE-2025-11208 [MEDIUM] CWE-79 chromium-browser: Inappropriate implementation in Media
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Use after free in Safe Browsing
vendor_redhat·2025-11-06·CVSS 8.8
CVE-2025-11756 [HIGH] CWE-825 chromium-browser: Use after free in Safe Browsing
Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Heap buffer overflow in Sync
vendor_redhat·2025-11-06·CVSS 8.1
CVE-2025-11458 [HIGH] CWE-787 chromium-browser: Heap buffer overflow in Sync
Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Microsoft
Chromium: CVE-2025-11756 Use after free in Safe Browsing
vendor_msrc·2025-10-14·CVSS 8.8
CVE-2025-11756 [HIGH] Chromium: CVE-2025-11756 Use after free in Safe Browsing
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 141.0.3537.85 | 10/17/2025 | 141.0.7390.107/.108 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the b
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.