{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62223", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-10-08T20:10:09.350Z", "datePublished": "2025-12-05T00:21:41.975Z", "dateUpdated": "2026-04-16T14:18:19.263Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability", "datePublic": "2025-12-04T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0.0", "versionEndExcluding": "143.0.3650.66"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"version": "1.0.0.0", "lessThan": "143.0.3650.66", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en-US", "type": "CWE", "cweId": "CWE-451"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:18:19.263Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62223"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T16:55:17.353236Z", "id": "CVE-2025-62223", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T16:55:26.048Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62223", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T16:55:17.353236Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T16:55:22.713Z"}}], "cna": {"title": "Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"status": "affected", "version": "1.0.0.0", "lessThan": "143.0.3650.66", "versionType": "custom"}]}], "datePublic": "2025-12-04T08:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62223", "name": "Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "143.0.3650.66", "versionStartIncluding": "1.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:18:19.263Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62223", "state": "PUBLISHED", "dateUpdated": "2026-04-16T14:18:19.263Z", "dateReserved": "2025-10-08T20:10:09.350Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-12-05T00:21:41.975Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "matchCriteriaId": "C86B5AA6-743D-478B-86E7-D50CE1175A55", "versionEndExcluding": "143.0.3650.66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network."}], "id": "CVE-2025-62223", "lastModified": "2025-12-10T23:26:17.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2025-12-05T01:15:48.557", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62223"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T16:14:44.981302+00:00", "value": {"mitigation_remediation": ["Apply the latest Microsoft Edge update to ensure the fix is in place.", "Verify that network connections use secure TLS and that certificate chains are valid to prevent man\u2011in\u2011the\u2011middle manipulation.", "Monitor the user interface for unexpected or inconsistent displays of critical information and educate users to verify the authenticity of content before acting."], "summary": {"action": "Monitor", "impact": "UI spoofing over a network"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Microsoft Edge (Chromium\u2011based) on iOS devices. No specific version information has been disclosed, so all installations of the affected browser should be considered potentially vulnerable until a patch is released.", "description_and_impact": "Microsoft Edge (Chromium-based) contains a user interface misrepresentation flaw that lets an unauthorized attacker spoof critical information presented to the user. An attacker who can influence what is displayed in the browser could masquerade as a legitimate entity or display false data, potentially misleading the user into taking an unintended action. The vulnerability impacts the integrity of the information the user receives and may expose the user to phishing or other deceptive attacks.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate risk, while the EPSS score of less than 1% suggests a low likelihood of exploitation at this time. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, the likely attack vector is remote, occurring over a network when the attacker can manipulate the content presented in the browser on an iOS device. No special prerequisites beyond the ability to influence the UI are stated, so the threat can affect any user who accepts the spoofed information without additional safeguards."}}}}, "created": "2026-04-20T16:15:11.022485+00:00", "updated": "2026-04-20T16:15:11.022494+00:00", "vendors": []}