Microsoft CVEs - Gilliam Security

CVE-2025-24513 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Published on: 2025-03-24 07:00:00
Link: View Details
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513. Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.

CVE-2025-1097 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Published on: 2025-03-24 07:00:00
Link: View Details
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513. Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.

CVE-2025-1098 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Published on: 2025-03-24 07:00:00
Link: View Details
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513. Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.

CVE-2025-1974 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Published on: 2025-03-24 07:00:00
Link: View Details
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513. Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.

CVE-2025-24514 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Published on: 2025-03-24 07:00:00
Link: View Details
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513. Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.

CVE-2025-25008 Windows Server Elevation of Privilege Vulnerability
Published on: 2025-03-23 07:00:00
Link: View Details
Updated links to security updates. This is an informational change only.

CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2025-03-23 07:00:00
Link: View Details
Updated links to security updates. This is an informational change only.

Chromium: CVE-2025-2476 Use after free in Lens
Published on: 2025-03-21 07:00:43
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

CVE-2025-29806 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2025-03-21 07:00:00
Link: View Details
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-29795 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Published on: 2025-03-21 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

CVE-2024-49119 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-03-19 07:00:00
Link: View Details
Added acknowledgements. This is an informational change only.

CVE-2025-24053 Microsoft Dataverse Elevation of Privilege Vulnerability
Published on: 2025-03-13 07:00:00
Link: View Details
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Chromium: CVE-2025-2135 Type Confusion in V8
Published on: 2025-03-12 15:32:38
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-1920 Type Confusion in V8
Published on: 2025-03-12 15:32:34
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-2137 Out of bounds read in V8
Published on: 2025-03-12 15:32:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-2136 Use after free in Inspector
Published on: 2025-03-12 15:32:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Chromium: CVE-2025-24201 Out of bounds write in GPU on Mac
Published on: 2025-03-12 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware of reports that an exploit for CVE-2025-24201 exists in the wild.

CVE-2025-24035 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

CVE-2024-9157 Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Information published.

CVE-2025-24044 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2025-24043 WinDbg Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.

CVE-2025-24057 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-24070 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-24077 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-24078 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-24079 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-24080 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-24081 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-24082 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-24083 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-24986 Azure Promptflow Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.

CVE-2025-24987 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

CVE-2025-24988 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

CVE-2025-21180 Windows exFAT File System Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.

CVE-2025-24995 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-24996 NTLM Hash Disclosure Spoofing Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-24997 DirectX Graphics Kernel File Denial of Service Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.

CVE-2025-24998 Visual Studio Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-25003 Visual Studio Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVE-2025-25008 Windows Server Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.

CVE-2025-21247 MapUrlToZone Security Feature Bypass Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-21199 Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.

CVE-2025-24045 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

CVE-2025-24046 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

CVE-2025-24048 Windows Hyper-V Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2025-24050 Windows Hyper-V Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2025-24051 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-24055 Windows USB Video Class System Driver Information Disclosure Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.

CVE-2025-24056 Windows Telephony Service Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.

CVE-2025-24059 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-24061 Windows Mark of the Web Security Feature Bypass Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-24064 Windows Domain Name Service Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in DNS Server allows an unauthorized attacker to execute code over a network.

CVE-2025-24066 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2025-24067 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

CVE-2025-24071 Microsoft Windows File Explorer Spoofing Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-24072 Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.

CVE-2025-24075 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-24076 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.

CVE-2025-24983 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2025-24984 Windows NTFS Information Disclosure Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

CVE-2025-24985 Windows Fast FAT File System Driver Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

CVE-2025-24991 Windows NTFS Information Disclosure Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

CVE-2025-24992 Windows NTFS Information Disclosure Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVE-2025-24993 Windows NTFS Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2025-24994 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

CVE-2025-24049 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

CVE-2025-26627 Azure Arc Installer Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.

CVE-2025-26629 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-26630 Microsoft Access Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.

CVE-2025-26631 Visual Studio Code Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

CVE-2025-26633 Microsoft Management Console Security Feature Bypass Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

ADV990001 Latest Servicing Stack Updates
Published on: 2025-03-11 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2025-26634 Windows Core Messaging Elevation of Privileges Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.

CVE-2024-49116 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
To comprehensively address CVE-2024-49116, Microsoft has released March 2025 security updates for all supported editions of Windows Server 2016 and Windows Server 2019. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
The following updates have been made to CVE-2024-30098: 1. In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows 11 24H2 and Windows Server 2025. 2. To comprehensively address this vulnerability, Microsoft has released March 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11. 3. Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ to state that Starting with the April 2025, the fix will automatically generate an audit event in cases where the Cryptographic Service Provider (CSP) is being used with RSA keys. If you have not already enabled the fix using the DisableCapiOverrideForRSA setting, you should monitor your systems for any error events in the Windows system event log. See the FAQ section of this CVE for more information.

CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability
Published on: 2025-03-11 07:00:00
Link: View Details
In the Security Updates table added Windows Server 2022, 23H2 Edition (Server Core installation) as it is affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

Chromium: CVE-2025-1923 Inappropriate Implementation in Permission Prompts
Published on: 2025-03-07 08:00:20
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1922 Inappropriate Implementation in Selection
Published on: 2025-03-07 08:00:17
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream
Published on: 2025-03-07 08:00:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1918 Out of bounds read in PDFium
Published on: 2025-03-07 08:00:07
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1919 Out of bounds read in Media
Published on: 2025-03-07 08:00:10
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI
Published on: 2025-03-07 08:00:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Directory in DevTools
Published on: 2025-03-07 08:00:58
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1916 Use after free in Profiles
Published on: 2025-03-07 08:00:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-1914 Out of bounds read in V8
Published on: 2025-03-07 08:00:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

CVE-2025-26643 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2025-03-07 08:00:00
Link: View Details
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.