- 93/2025
- High
Microsoft has released an updated Microsoft Edge stable channel “136.0.3240.50” to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to perform a denial of service attack, obtain sensitive information, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Microsoft Edge (Chromium-based) Heap Buffer Overflow in HTML Vulnerability (CVE-2025-4096):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Denial of Service
2. Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2025-29825):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Vulnerabilities
- CVE-2025-4052
- CVE-2025-4051
- CVE-2025-4050
- CVE-2025-4096
- CVE-2025-29825
- CVE-2025-3620
- CVE-2025-3619
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.