Main Vulnerability Database Vulnerabilities #VU111982

#VU111982 Spoofing attack in Microsoft Edge - CVE-2025-47964

Published: June 27, 2025

Vulnerability identifier: #VU111982

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green

CVE-ID: CVE-2025-47964

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Edge

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the Edge browser's tab-splitting feature, which allows users to browse two tabs simultaneously, displays only the domain prefix in the address bars instead of the full URL. Such behavior can be used to spoof the address bar in the tabs and perform phishing attacks.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47964

#VU111982 Spoofing attack in Microsoft Edge - CVE-2025-47964

Description

Remediation

External links

Please verify you're human