Description
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
Published: 2026-01-07
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: User Interface Spoofing
Action: Update Browser
AI Analysis

Impact

The vulnerability is a user interface misrepresentation that allows an authorized attacker to present incorrect or misleading information within Microsoft Edge for Android. Because the browser can display falsified security prompts or navigation cues, a user may be tricked into performing actions such as entering credentials, downloading malware, or visiting a malicious site. This is a typical spoofing issue, identified with CWE‑451, leading to potential compromise of user trust and confidentiality.

Affected Systems

Affected system is Microsoft Edge for Android (Chromium-based). All releases lacking the latest security patch are affected; specific version ranges are not listed in the advisory, so any version before the fix should be treated as vulnerable. The issue affects the browser running on Android devices.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate impact, and the EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Likely attack requires the attacker to have authorized device or network access to influence the displayed UI. Given the low exploitation probability, the overall risk is moderate but not critical, yet it is advisable to mitigate promptly.

Generated by OpenCVE AI on April 20, 2026 at 15:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Microsoft Edge for Android to the latest version available in the Google Play Store.
  • Enable the browser’s Secure DNS and Site Isolation features to reduce the impact of spoofed site data.
  • Use a reputable firewall or VPN that enforces DNS over HTTPS to prevent network-level spoofing attempts.

Generated by OpenCVE AI on April 20, 2026 at 15:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 09 Jan 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 07 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Description User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
Title Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge
Weaknesses CWE-451
CPEs cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*
Vendors & Products Microsoft
Microsoft edge
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-16T14:18:41.943Z

Reserved: 2025-10-08T20:10:09.350Z

Link: CVE-2025-62224

cve-icon Vulnrichment

Updated: 2026-01-08T15:09:14.535Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-07T23:15:44.407

Modified: 2026-02-02T19:21:20.177

Link: CVE-2025-62224

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:00:10Z

Weaknesses