CVE-2025-60711: 
vulnerability analysis and mitigation

A protection mechanism failure vulnerability was discovered in Microsoft Edge (Chromium-based) that allows an unauthorized attacker to execute code over a network. The vulnerability, tracked as CVE-2025-60711, was disclosed on October 31, 2025, and affects Microsoft Edge versions up to (excluding) 142.0.3595.53 (NVD, ASEC).

The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction. The impact affects confidentiality, integrity, and availability, all at a low level. The vulnerability is classified under CWE-693 (Protection Mechanism Failure) (NVD).

The vulnerability can lead to remote code execution on affected systems when successfully exploited. It affects the confidentiality, integrity, and availability of the system, though all at a low level according to the CVSS scoring (NVD).

Microsoft has released a security update to address this vulnerability in Microsoft Edge version 142.0.3595.53. Users are advised to update to this version or later to mitigate the risk. The patch was made available on October 31, 2025 (ASEC).