CVE-2025-49741

HIGH

Microsoft Edge Chromium < 135.0.3179.98 - Unauthenticated Information Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-49741. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This Python script simulates an exploit for CVE-2025-49741, an information disclosure vulnerability in Microsoft Edge (Chromium-based). It runs two HTTP servers to demonstrate header collection and data exfiltration.

Description

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Exploits (1)

exploitdb WORKING POC

by nu11secur1ty · textremotewindows

https://www.exploit-db.com/exploits/52389

View Code ZIP pw:eip

This Python script simulates an exploit for CVE-2025-49741, an information disclosure vulnerability in Microsoft Edge (Chromium-based). It runs two HTTP servers to demonstrate header collection and data exfiltration.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Edge (Chromium-based) 135.0.7049.114/.115

No auth needed

Prerequisites: Python 3.6+ · requests library

MITRE ATT&CK

T1119 - Automated Collection T1041 - Exfiltration Over C2 Channel

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741

Scores

CVSS v3 7.4

EPSS 0.0911

EPSS Percentile 92.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-268

Status published

Products (1)

microsoft/edge_chromium < 135.0.3179.98

Published Jul 01, 2025

Tracked Since Feb 18, 2026