Multiple Microsoft Edge Flaws Expose Users to RCE, Data Theft, and IE Mode Attacks
Microsoft Edge users faced a series of serious vulnerabilities spanning remote code execution, information disclosure, and legacy browser compatibility risks. Reported issues included CVE-2025-59251, an Edge remote code execution flaw with limited public technical detail; CVE-2025-29834, an out-of-bounds read in the V8 JavaScript engine affecting versions before 135.0.2789.91; and CVE-2025-49713, a type confusion bug in V8 that reportedly enabled in-the-wild exploitation against Edge versions before 138.0.3351.65. Separately, CVE-2025-49741 was described as an information disclosure issue tied to improper validation of the x-middleware-subrequest HTTP header, potentially exposing cached data and session tokens in versions before 137.0.3296.62.
The disclosures also highlighted risk beyond standard browsing sessions. CVE-2025-30397 affected Microsoft’s Scripting Engine when Edge was used in Internet Explorer Mode, creating an actively exploited path to remote code execution on Windows 10 and Windows 11 systems that still depend on legacy web applications. Microsoft issued updates across the affected products, while defenders were urged to prioritize browser patching, review exposure in Chromium-based deployments, harden JavaScript and web-content controls, and reduce or disable IE Mode where operationally possible. A new advisory from HKCERT on multiple Microsoft Edge vulnerabilities underscores the continuing volume of security issues affecting the browser.
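The patch prioritisation described above can be run as a check over a software inventory; this is an added example, not code from Mallory, Microsoft or the cited sources. It uses only the fixed Edge builds and KB numbers stated on this page and leaves out CVE-2025-59251, for which the page gives no affected version range. The inventory fields (`host`, `os`, `edge`, `ie_mode`, `kbs`) and the sample records are constructed assumptions.

```python
# Fixed Edge builds as stated on this page: versions before these are affected.
EDGE_FIXES = {
    "CVE-2025-29834": "135.0.2789.91",
    "CVE-2025-49741": "137.0.3296.62",
    "CVE-2025-49713": "138.0.3351.65",
}
# Windows patches the page lists for CVE-2025-30397 (IE Mode scripting engine).
IE_MODE_KBS = {"Windows 10": "KB5058405", "Windows 11": "KB5058411"}

def parse_version(text):
    """'138.0.3351.65' -> (138, 0, 3351, 65), so builds compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Edge version: {text!r}")
    return tuple(int(p) for p in parts)

def open_cves(host):
    """CVEs from this page that an inventory record still looks exposed to."""
    try:
        installed = parse_version(str(host.get("edge", "")))
        found = [c for c, fixed in EDGE_FIXES.items()
                 if installed < parse_version(fixed)]
    except ValueError:
        # Unknown or malformed version: fail closed, flag every version-gated CVE.
        found = list(EDGE_FIXES)
    # CVE-2025-30397 only matters where IE Mode is in use. Assumption: the
    # inventory lists KBs by name; superseding updates are not recognised here.
    kb = IE_MODE_KBS.get(host.get("os"))
    if host.get("ie_mode") and (kb is None or kb not in host.get("kbs", ())):
        found.append("CVE-2025-30397")
    return sorted(found)

def triage(inventory):
    """Map host name -> open CVEs, omitting hosts with nothing to do."""
    report = {h["host"]: open_cves(h) for h in inventory}
    return {name: cves for name, cves in report.items() if cves}

# Constructed sample inventory (host names, versions and fields are illustrative).
INVENTORY = [
    {"host": "ws-001", "os": "Windows 11", "edge": "138.0.3351.65", "ie_mode": False, "kbs": ["KB5058411"]},
    {"host": "ws-002", "os": "Windows 10", "edge": "137.0.3296.62", "ie_mode": True, "kbs": []},
    {"host": "ws-003", "os": "Windows 10", "edge": "134.0.0.1", "ie_mode": True, "kbs": ["KB5058405"]},
    {"host": "ws-004", "os": "Windows 11", "edge": "unknown", "ie_mode": False, "kbs": []},
]

if __name__ == "__main__":
    for name, cves in triage(INVENTORY).items():
        print(name, ", ".join(cves))
```

Versions are compared as integer tuples because a plain string comparison would rank build `135.0.2789.100` below `135.0.2789.91`.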

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
HKCERT publishes Microsoft Edge multiple vulnerabilities advisory
HKCERT published a product advisory titled "Microsoft Edge Multiple Vulnerabilities." The provided reference includes no synopsis, so no additional event details are available from the source content.
CVE-2025-59251 disclosed for Microsoft Edge
CVE-2025-59251, a remote code execution vulnerability in Chromium-based Microsoft Edge with a CVSS score of 7.6, was disclosed and documented in the Microsoft Security Update Guide. Public sources cited in the content did not provide technical root cause details, affected version ranges, or exploitation methods.
Microsoft releases Edge update for CVE-2025-49713 amid reported exploitation
Microsoft released an Edge security update for CVE-2025-49713, a type confusion vulnerability affecting versions before 138.0.3351.65. The source says exploitation is reportedly occurring in the wild, although the patch section appears to reference a different CVE.
Microsoft releases Edge update for CVE-2025-49741
Microsoft released a security update for CVE-2025-49741, described in the source as an information disclosure vulnerability affecting Edge versions prior to 137.0.3296.62. The report urges users to apply the update promptly, though it contains internal inconsistencies about the affected component.
Microsoft releases patches for CVE-2025-30397
Microsoft released Windows patches KB5058405 for Windows 10 and KB5058411 for Windows 11 to address CVE-2025-30397, a type confusion vulnerability in the Microsoft Scripting Engine affecting Edge Internet Explorer Mode. The source describes the flaw as actively exploited and particularly risky for enterprises relying on legacy web applications.
Microsoft patches CVE-2025-29834 in Edge 135.0.2789.91
Microsoft released an update for Chromium-based Edge addressing CVE-2025-29834, an out-of-bounds read flaw affecting versions prior to 135.0.2789.91. The source states no public detection methods or indicators of compromise were provided at the time.
Sources
6 references tracked.
Microsoft Edge Multiple Vulnerabilities
hkcert.org
Microsoft Edge CVE-2025-59251 Remote Code Execution Vulnerability: Brief Summary and Technical Review - ZeroPath Blog | ZeroPath
zeropath.com
Microsoft Edge Under Attack: Unpacking CVE-2025-49713's Type Confusion Exploit - ZeroPath Blog | ZeroPath
zeropath.com
Microsoft Edge CVE-2025-49741: Critical Information Disclosure via Middleware Bypass - ZeroPath Blog | ZeroPath
zeropath.com
Type Confusion Strikes Again: Analyzing CVE-2025-30397 in Microsoft's Scripting Engine - ZeroPath Blog | ZeroPath
zeropath.com
Edge of Danger: Unpacking CVE-2025-29834's Out-of-Bounds Read in Microsoft Edge - ZeroPath Blog | ZeroPath
zeropath.com


