CVE-2025-47964: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) has been identified with a spoofing vulnerability tracked as CVE-2025-47964. The vulnerability was discovered and disclosed in June 2025, affecting Microsoft Edge versions up to (excluding) 138.0.3351.55. The issue was addressed in the Microsoft Edge Stable Channel Version 138.0.3351.55 release (Microsoft Edge Release).

The vulnerability has been assessed with multiple CVSS v3.1 scores. Microsoft Corporation assigned a CVSS Base Score of 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N, while NVD assessed it with a Base Score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-451 (User Interface (UI) Misrepresentation of Critical Information) (NVD Database).

The vulnerability is classified as a spoofing issue that could potentially allow attackers to manipulate the user interface and misrepresent critical information to users. Based on the CVSS scores, the vulnerability has potential impact on confidentiality and integrity with low severity, while availability is not affected (NVD Database).

Microsoft has released a patch for this vulnerability in Microsoft Edge Stable Channel Version 138.0.3351.55. Users are advised to update their Microsoft Edge browser to this version or later to mitigate the vulnerability (Microsoft Edge Release).