CVE-2025-21262: 
vulnerability analysis and mitigation

User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. The vulnerability was disclosed on January 24, 2025, and affects Microsoft Edge (Chromium-based) versions up to (excluding) 132.0.2957.127 (NVD, Microsoft Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. The attack vector is Network-based, with Low attack complexity, requires No privileges, but does require User interaction. The scope is Unchanged, with Low impact on both Confidentiality and Integrity, and No impact on Availability (NVD).

The vulnerability affects both confidentiality and integrity with low severity, potentially allowing attackers to perform spoofing attacks over a network. This could lead to misrepresentation of critical information in the browser's user interface, potentially affecting user trust and security decision-making (NVD).

Users should upgrade to Microsoft Edge (Chromium-based) version 132.0.2957.127 or later to address this vulnerability (NVD).