CVE-2025-21401

MEDIUM

Microsoft Edge Chromium < 133.0.3065.69 - Security Feature Bypass via URL Redirection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-21401. PoCs published by toxy4ny.

AI-analyzed exploit summary The repository claims to exploit CVE-2025-21401 and CVE-2025-21420 via a BadUSB script but provides no technical details, exploit code, or proof-of-concept. It mentions educational purposes but lacks substance, resembling a social engineering lure.

Description

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Exploits (1)

github SUSPICIOUS 7 stars

by toxy4ny · poc

https://github.com/toxy4ny/edge-maradeur

View Code ZIP pw:eip

The repository claims to exploit CVE-2025-21401 and CVE-2025-21420 via a BadUSB script but provides no technical details, exploit code, or proof-of-concept. It mentions educational purposes but lacks substance, resembling a social engineering lure.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Windows Disk Cleanup and Microsoft Edge

No auth needed

Prerequisites: BadUSB device · physical access

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21401

Scores

CVSS v3 4.5

EPSS 0.0031

EPSS Percentile 22.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

microsoft/edge_chromium < 133.0.3065.69

Published Feb 15, 2025

Tracked Since Feb 18, 2026