What is the CVSS score of CVE-2025-49741?

CVE-2025-49741 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.9%.

Which versions of Edge Chromium are affected by CVE-2025-49741?

CVE-2025-49741 is a high-severity vulnerability (CVSS 7.4) affecting an unspecified product with publicly available exploit code, creating immediate risk of unauthorized access or compromise.. A patch is available.

Is there a public PoC exploit available for CVE-2025-49741?

Yes, a public proof-of-concept exploit is available for CVE-2025-49741. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate CVE-2025-49741?

Within 24 hours: Identify all systems running the affected product and assess network exposure. Within 7 days: Apply vendor-released patch to all affected assets; prioritize internet-facing and critical infrastructure systems. Within 30 days: Verify patch deployment across all inventory and validate successful application through vulnerability scanning.

Edge Chromium CVE-2025-49741

EUVD-2025-19709 HIGH

Privilege Chaining (CWE-268)

2025-07-01 secure@microsoft.com

Microsoft Google Information Disclosure Edge Chromium Chrome

7.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:35 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

135.0.3179.98

EUVD ID Assigned

Mar 16, 2026 - 01:42 euvd

EUVD-2025-19709

Analysis Generated

Mar 16, 2026 - 01:42 vuln.today

PoC Detected

Jul 08, 2025 - 17:16 vuln.today

Public exploit code

CVE Published

Jul 01, 2025 - 23:15 nvd

HIGH 7.4

DescriptionCVE.org

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

AnalysisAI

A security vulnerability in No cwe for this (CVSS 7.4) that allows an unauthorized attacker. Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 7.4 indicates high severity. Affects No cwe for this.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-49741 vulnerability details – vuln.today

Back

Edge Chromium CVE-2025-49741

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code