CVE-2025-5065: 
vulnerability analysis and mitigation

CVE-2025-5065 is a security vulnerability discovered in Google Chrome's FileSystemAccess API affecting versions prior to 137.0.7151.55. The vulnerability was reported by NDevTK on March 11, 2022, and publicly disclosed on May 27, 2025. This vulnerability allows a remote attacker to perform UI spoofing through a crafted HTML page, with Google assigning it a Medium severity rating (Chrome Release, NVD).

The vulnerability is classified as CWE-451 (User Interface Misrepresentation of Critical Information). According to CISA's assessment, it has a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating that it requires user interaction and can be exploited remotely without privileges (NVD).

The vulnerability primarily affects the confidentiality aspect of the system through UI spoofing capabilities. When successfully exploited, it allows attackers to perform user interface spoofing attacks, potentially misleading users through manipulated visual elements (NVD).

Google has addressed this vulnerability in Chrome version 137.0.7151.55 and later. Users are advised to update their Chrome browsers to the latest version. The fix has also been incorporated into various downstream products, including Palo Alto Networks' Prisma Access Browser version 137.16.2.69 (Palo Alto).