Microsoft Edge Multiple Vulnerabilities

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, data manipulation and sensitive information disclosure on the targeted system.

Note:

• CVE-2025-24201 is being exploited in the wild, which have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2. Hence, the risk level is rated as High Risk.
• Microsoft has released another updated version of Microsoft Edge Stable Channel (Version 134.0.3124.68) on 13 Mar 2025. Users updating to this version could also fix the vulnerabilities.

[Updated on 2025-03-14]

Updated Description and Related Links.

Impact

• Remote Code Execution
• Denial of Service
• Data Manipulation
• Information Disclosure

System / Technologies affected

• Microsoft Edge Stable Channel version prior to 134.0.3124.66

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to Microsoft Edge Stable Channel version 134.0.3124.66 or later

Vulnerability Identifier

• CVE-2025-1920
• CVE-2025-2135
• CVE-2025-2136
• CVE-2025-2137
• CVE-2025-24201

Source

• Microsoft Edge

Related Link

• https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#march-13-2025
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1920
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2135
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2136
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2137
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24201
• https://support.apple.com/en-us/122285
• https://www.cisa.gov/news-events/alerts/2025/03/13/cisa-adds-two-known-exploited-vulnerabilities-catalog