CVE-2025-49736

🔶 medium

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

CVSS Score

4.3

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2025-08-12

First Seen: 2026-01-05

This CVE is Lower Risk - more severe than 5.4% of all 326,604 vulnerabilities in our database.

#308,897

Below average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2025-08-15

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE IDs (Weakness Types)

CWE-449

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
microsoft	edge	Affected	< 139.0.3405.86

Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-35429	🔶 medium	4.3	0.1	User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized ...	2026-05-12
CVE-2026-33119	🔶 medium	5.4	0.0	User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized ...	2026-04-10
CVE-2026-32187	🔶 medium	4.2	0.1	Microsoft Edge (Chromium-based) Defense in Depth Vulnerability	2026-03-27
CVE-2026-26133	⚠️ high	7.1	0.1	AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.	2026-03-16
CVE-2025-62224	🔶 medium	5.5	0.1	User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacke...	2026-01-07
CVE-2025-47967	🔶 medium	4.7	0.1	Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform...	2025-09-16

These CVEs affect the same products