CVE-2025-21404

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 6, 2025
Updated: Feb 11, 2025
CWE ID 451
CWE ID 449

Summary

CVE-2025-21404 is a new spoofing vulnerability affecting Microsoft Edge browsers based on Chromium. Maliciously crafted web content can manipulate the address bar display, potentially deceiving users into believing they are on a trusted site. This security flaw can lead to phishing attacks and data breaches. Attackers can exploit this vulnerability by setting the address bar to display a false URL, even if the user lands on a different webpage. Microsoft is working on a patch to address this issue. Users are advised to keep their browsers updated to protect against potential exploitation.

Affected Products

  • Microsoft Edge Chromium

Affected Vendors

  • Microsoft