Description
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
Published: 2025-12-05
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: UI spoofing over a network
Action: Monitor
AI Analysis

Impact

Microsoft Edge (Chromium-based) contains a user interface misrepresentation flaw that lets an unauthorized attacker spoof critical information presented to the user. An attacker who can influence what is displayed in the browser could masquerade as a legitimate entity or display false data, potentially misleading the user into taking an unintended action. The vulnerability impacts the integrity of the information the user receives and may expose the user to phishing or other deceptive attacks.

Affected Systems

The vulnerability affects Microsoft Edge (Chromium‑based) on iOS devices. No specific version information has been disclosed, so all installations of the affected browser should be considered potentially vulnerable until a patch is released.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate risk, while the EPSS score of less than 1% suggests a low likelihood of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is remote, occurring over a network when the attacker can manipulate the content presented in the browser on an iOS device. No special prerequisites beyond the ability to influence the UI are stated, so the threat can affect any user who accepts the spoofed information without additional safeguards.

Generated by OpenCVE AI on April 20, 2026 at 16:14 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Edge update to ensure the fix is in place.
  • Verify that network connections use secure TLS and that certificate chains are valid to prevent man‑in‑the‑middle manipulation.
  • Monitor the user interface for unexpected or inconsistent displays of critical information and educate users to verify the authenticity of content before acting.

Advisories

No advisories yet.

History

Fri, 05 Dec 2025 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Dec 2025 00:45:00 +0000

Type | Values Removed | Values Added
Description | | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
Title | | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability
First Time appeared | | Microsoft; Microsoft edge Chromium
Weaknesses | | CWE-451
CPEs | | cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft edge Chromium
References | |
Metrics | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-16T14:18:19.263Z

Reserved: 2025-10-08T20:10:09.350Z

Link: CVE-2025-62223

Vulnrichment

Updated: 2025-12-05T16:55:22.713Z

NVD

Status: Analyzed

Published: 2025-12-05T01:15:48.557

Modified: 2025-12-10T23:26:17.600

Link: CVE-2025-62223

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T16:15:11Z

Weaknesses