Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities found for Microsoft Edge for iOS by Microsoft
CVE-2026-26133 (GCVE-0-2026-26133)
Vulnerability from nvd – Published: 2026-03-13 21:10 – Updated: 2026-04-14 16:36
VLAI?
Title
M365 Copilot Information Disclosure Vulnerability
Summary
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft 365 Copilot for Android |
Affected:
1.0 , < 16.0.19815.10000
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-12 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:24:19.473896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:24:30.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft 365 Copilot for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19815.10000",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft 365 Copilot for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.107.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "145.3800.99",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "145.3800.99",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Excel for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Excel for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Loop for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft OneNote for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20142",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for Mac",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerBI for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.2.260210.21290750",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerBI for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2.260302.2193910",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerPoint for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerPoint for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.0.0.2026043102",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.3.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Word for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Word for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.107.2",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "145.3800.99",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "8.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1.0.0.2026043102",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.19815.10000",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.260210.21290750",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.260302.2193910",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.19725.20142",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "145.3800.99",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:36:44.731Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "M365 Copilot Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"
}
],
"title": "M365 Copilot Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26133",
"datePublished": "2026-03-13T21:10:13.535Z",
"dateReserved": "2026-02-11T16:24:51.133Z",
"dateUpdated": "2026-04-14T16:36:44.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29796 (GCVE-0-2025-29796)
Vulnerability from nvd – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 135.0.3179.54
(custom)
|
Date Public ?
2025-04-03 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:39:06.890172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T20:21:43.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "135.0.3179.54",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "135.0.3179.54",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-03T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:32:47.288Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29796"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-29796",
"datePublished": "2025-04-04T00:00:16.022Z",
"dateReserved": "2025-03-11T18:19:40.247Z",
"dateUpdated": "2026-02-13T19:32:47.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25001 (GCVE-0-2025-25001)
Vulnerability from nvd – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 132.0.2957.118
(custom)
|
Date Public ?
2025-04-03 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:39:21.141463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T20:21:50.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "132.0.2957.118",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "132.0.2957.118",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-03T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:32:59.434Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25001"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-25001",
"datePublished": "2025-04-04T00:00:13.527Z",
"dateReserved": "2025-01-30T15:14:20.993Z",
"dateUpdated": "2026-02-13T19:32:59.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21253 (GCVE-0-2025-21253)
Vulnerability from nvd – Published: 2025-02-06 22:41 – Updated: 2026-02-13 19:44
VLAI?
Title
Microsoft Edge for IOS and Android Spoofing Vulnerability
Summary
Microsoft Edge for IOS and Android Spoofing Vulnerability
Severity ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Edge for Android |
Affected:
1.0.0 , < 133.0.3065.51
(custom)
|
|||||||
|
|||||||||
Date Public ?
2025-02-06 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:02:37.230074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:04:37.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "133.0.3065.51",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "133.0.3065.51",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "133.0.3065.51",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "133.0.3065.51",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-02-06T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:44:27.259Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for IOS and Android Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21253"
}
],
"title": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21253",
"datePublished": "2025-02-06T22:41:33.947Z",
"dateReserved": "2024-12-10T23:54:12.932Z",
"dateUpdated": "2026-02-13T19:44:27.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38083 (GCVE-0-2024-38083)
Vulnerability from nvd – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 126.0.2592.56
(custom)
|
|||||||
|
|||||||||
Date Public ?
2024-06-13 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T14:11:06.776687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T14:11:13.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "126.0.2592.56",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "126.0.2592.56",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "126.0.2592.56",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "126.0.2592.56",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:49.457Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38083",
"datePublished": "2024-06-13T19:24:39.838Z",
"dateReserved": "2024-06-11T22:36:08.182Z",
"dateUpdated": "2025-12-17T22:23:49.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-30057 (GCVE-0-2024-30057)
Vulnerability from nvd – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Microsoft Edge for iOS Spoofing Vulnerability
Severity ?
CWE
- CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 126.0.2592.56
(custom)
|
Date Public ?
2024-06-13 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T18:20:31.602770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T18:20:37.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "126.0.2592.56",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "126.0.2592.56",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for iOS Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:48.293Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-30057",
"datePublished": "2024-06-13T19:24:38.694Z",
"dateReserved": "2024-03-22T23:12:14.564Z",
"dateUpdated": "2025-12-17T22:23:48.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-36883 (GCVE-0-2023-36883)
Vulnerability from nvd – Published: 2023-07-14 17:54 – Updated: 2025-02-28 19:39
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Microsoft Edge for iOS Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 114.0.1823.82
(custom)
|
Date Public ?
2023-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:27.268801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:39:14.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "114.0.1823.82",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "114.0.1823.82",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for iOS Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:52:38.701Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36883",
"datePublished": "2023-07-14T17:54:33.168Z",
"dateReserved": "2023-06-27T20:28:05.993Z",
"dateUpdated": "2025-02-28T19:39:14.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44708 (GCVE-0-2022-44708)
Vulnerability from nvd – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI?
Title
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity ?
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 108.0.1462.42
(custom)
|
|||||||
|
|||||||||
Date Public ?
2022-12-05 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:30.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44708"
},
{
"name": "GLSA-202305-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "108.0.1462.42",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "108.0.1462.42",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "108.0.1462.42",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "108.0.1462.42",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-05T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:47.144Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-44708",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-11-03T00:00:00.000Z",
"dateUpdated": "2025-07-22T17:49:47.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43220 (GCVE-0-2021-43220)
Vulnerability from nvd – Published: 2021-11-24 01:05 – Updated: 2024-08-04 03:55
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Microsoft Edge for iOS Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 96.0 1954.29
(custom)
cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:* |
Date Public ?
2021-11-19 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:27.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "96.0 1954.29",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-19T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for iOS Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:49.728Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-43220",
"datePublished": "2021-11-24T01:05:15.000Z",
"dateReserved": "2021-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:55:27.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-26133 (GCVE-0-2026-26133)
Vulnerability from cvelistv5 – Published: 2026-03-13 21:10 – Updated: 2026-04-14 16:36
VLAI?
Title
M365 Copilot Information Disclosure Vulnerability
Summary
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft 365 Copilot for Android |
Affected:
1.0 , < 16.0.19815.10000
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2026-03-12 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:24:19.473896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:24:30.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft 365 Copilot for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19815.10000",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft 365 Copilot for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.107.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "145.3800.99",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "145.3800.99",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Excel for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Excel for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Loop for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft OneNote for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20142",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for Mac",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerBI for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.2.260210.21290750",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerBI for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2.260302.2193910",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerPoint for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerPoint for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.0.0.2026043102",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.3.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Word for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Word for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.107.2",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "145.3800.99",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "8.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1.0.0.2026043102",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.19815.10000",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.260210.21290750",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.260302.2193910",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.19725.20142",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "145.3800.99",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:36:44.731Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "M365 Copilot Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"
}
],
"title": "M365 Copilot Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26133",
"datePublished": "2026-03-13T21:10:13.535Z",
"dateReserved": "2026-02-11T16:24:51.133Z",
"dateUpdated": "2026-04-14T16:36:44.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29796 (GCVE-0-2025-29796)
Vulnerability from cvelistv5 – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 135.0.3179.54
(custom)
|
Date Public ?
2025-04-03 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:39:06.890172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T20:21:43.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "135.0.3179.54",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "135.0.3179.54",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-03T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:32:47.288Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29796"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-29796",
"datePublished": "2025-04-04T00:00:16.022Z",
"dateReserved": "2025-03-11T18:19:40.247Z",
"dateUpdated": "2026-02-13T19:32:47.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25001 (GCVE-0-2025-25001)
Vulnerability from cvelistv5 – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 132.0.2957.118
(custom)
|
Date Public ?
2025-04-03 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:39:21.141463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T20:21:50.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "132.0.2957.118",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "132.0.2957.118",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-03T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:32:59.434Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25001"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-25001",
"datePublished": "2025-04-04T00:00:13.527Z",
"dateReserved": "2025-01-30T15:14:20.993Z",
"dateUpdated": "2026-02-13T19:32:59.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21253 (GCVE-0-2025-21253)
Vulnerability from cvelistv5 – Published: 2025-02-06 22:41 – Updated: 2026-02-13 19:44
VLAI?
Title
Microsoft Edge for IOS and Android Spoofing Vulnerability
Summary
Microsoft Edge for IOS and Android Spoofing Vulnerability
Severity ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Edge for Android |
Affected:
1.0.0 , < 133.0.3065.51
(custom)
|
|||||||
|
|||||||||
Date Public ?
2025-02-06 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:02:37.230074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:04:37.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "133.0.3065.51",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "133.0.3065.51",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "133.0.3065.51",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "133.0.3065.51",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-02-06T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:44:27.259Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for IOS and Android Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21253"
}
],
"title": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21253",
"datePublished": "2025-02-06T22:41:33.947Z",
"dateReserved": "2024-12-10T23:54:12.932Z",
"dateUpdated": "2026-02-13T19:44:27.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38083 (GCVE-0-2024-38083)
Vulnerability from cvelistv5 – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 126.0.2592.56
(custom)
|
|||||||
|
|||||||||
Date Public ?
2024-06-13 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T14:11:06.776687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T14:11:13.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "126.0.2592.56",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "126.0.2592.56",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "126.0.2592.56",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "126.0.2592.56",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:49.457Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38083",
"datePublished": "2024-06-13T19:24:39.838Z",
"dateReserved": "2024-06-11T22:36:08.182Z",
"dateUpdated": "2025-12-17T22:23:49.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-30057 (GCVE-0-2024-30057)
Vulnerability from cvelistv5 – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Microsoft Edge for iOS Spoofing Vulnerability
Severity ?
CWE
- CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 126.0.2592.56
(custom)
|
Date Public ?
2024-06-13 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T18:20:31.602770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T18:20:37.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "126.0.2592.56",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "126.0.2592.56",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for iOS Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:48.293Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-30057",
"datePublished": "2024-06-13T19:24:38.694Z",
"dateReserved": "2024-03-22T23:12:14.564Z",
"dateUpdated": "2025-12-17T22:23:48.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-36883 (GCVE-0-2023-36883)
Vulnerability from cvelistv5 – Published: 2023-07-14 17:54 – Updated: 2025-02-28 19:39
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Microsoft Edge for iOS Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 114.0.1823.82
(custom)
|
Date Public ?
2023-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:27.268801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:39:14.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "114.0.1823.82",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "114.0.1823.82",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for iOS Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:52:38.701Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for iOS Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36883",
"datePublished": "2023-07-14T17:54:33.168Z",
"dateReserved": "2023-06-27T20:28:05.993Z",
"dateUpdated": "2025-02-28T19:39:14.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44708 (GCVE-0-2022-44708)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI?
Title
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity ?
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 108.0.1462.42
(custom)
|
|||||||
|
|||||||||
Date Public ?
2022-12-05 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:30.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44708"
},
{
"name": "GLSA-202305-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "108.0.1462.42",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "108.0.1462.42",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "108.0.1462.42",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "108.0.1462.42",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-05T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:47.144Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-44708",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-11-03T00:00:00.000Z",
"dateUpdated": "2025-07-22T17:49:47.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43220 (GCVE-0-2021-43220)
Vulnerability from cvelistv5 – Published: 2021-11-24 01:05 – Updated: 2024-08-04 03:55
VLAI?
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Microsoft Edge for iOS Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge for iOS |
Affected:
1.0.0.0 , < 96.0 1954.29
(custom)
cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:* |
Date Public ?
2021-11-19 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:27.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "96.0 1954.29",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-19T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for iOS Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:49.728Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
}
],
"title": "Microsoft Edge for iOS Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-43220",
"datePublished": "2021-11-24T01:05:15.000Z",
"dateReserved": "2021-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:55:27.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}