Spoofing attack in Microsoft Edge - CVE-2025-47964

 


Published: June 27, 2025


Vulnerability identifier: #VU111982
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2025-47964
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because the Edge browser's tab-splitting feature, which allows users to browse two tabs simultaneously, displays only the domain prefix in the address bars instead of the full URL. This behavior can be used to spoof the address bar in the tabs and perform phishing attacks.


How to mitigate CVE-2025-47964

Install updates from the vendor's website.
