CVE-2025-59251: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) was found to contain a Remote Code Execution vulnerability, identified as CVE-2025-59251. The vulnerability was initially disclosed on September 24, 2025, affecting Microsoft Edge versions prior to 140.0.3485.81. This security flaw was reported by Microsoft Corporation and has been classified as a code injection vulnerability (NVD).

The vulnerability has been classified under CWE-94 (Improper Control of Generation of Code - 'Code Injection'). According to the CVSS 3.1 scoring system, it received a Base Score of 7.6 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

The vulnerability poses significant risks to affected systems, potentially allowing attackers to execute arbitrary code remotely, compromise data confidentiality, and affect system integrity. The high CVSS score indicates substantial potential impact on both confidentiality and integrity of the affected systems (CERT-FR).

Microsoft has released a security update to address this vulnerability. Users are advised to upgrade to Microsoft Edge version 140.0.3485.81 or later to mitigate the risk. The fix is available through the standard Microsoft Edge update channels (NVD).