#Vulnerabilities

Urgent: CVE-2025-3198 – Remote Code Execution in Microsoft Edge 115

Vulnerabilities Reporter
2 min read

Microsoft Edge users face a critical remote code execution flaw. CVE-2025-3198 allows attackers to run arbitrary code via a crafted web page. Immediate patching and strict browser isolation are mandatory.

CVE‑2025‑3198 – Remote Code Execution in Microsoft Edge 115

Microsoft Edge 115 is vulnerable to a critical flaw that lets an attacker execute arbitrary code on a victim’s machine through a malicious web page. The flaw resides in the browser’s handling of the WebGL API. An attacker can trigger the vulnerability by loading a specially crafted site that exploits a buffer overflow in the WebGLContext implementation.

Affected Products

  • Microsoft Edge (Chromium‑based) – versions 115.0.1901.0 through 115.0.1901.127
  • Microsoft Edge Legacy – not affected
  • Windows 10/11 – any edition running the affected Edge build

CVSS Score

  • Base Score: 9.8 (Critical)
  • Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact

An attacker can gain local privilege escalation on the victim’s system, execute arbitrary code, and compromise data integrity. The vulnerability is exploitable remotely without user interaction beyond visiting a malicious site.

Technical Details

  1. Trigger: A malicious web page calls canvas.getContext('webgl') with a crafted shader program.
  2. Exploit Path: The shader compiler miscalculates a buffer size, causing an out‑of‑bounds write.
  3. Privilege: The write corrupts the process heap, enabling a return‑to‑libc style attack.
  4. Outcome: The attacker can inject shellcode that runs with the user’s privileges.

Mitigation Steps

  1. Update Edge – Install the latest security update (115.0.1901.128) from the Microsoft Update Catalog or Windows Update.
  2. Disable WebGL – If immediate patching is not possible, block WebGL via group policy or the --disable-webgl flag.
  3. Apply Browser Isolation – Enable Microsoft Defender Application Guard or a sandboxed browser profile.
  4. Educate Users – Warn employees about suspicious sites and enforce safe browsing policies.

Timeline

  • 2025‑05‑01 – CVE disclosed publicly by Microsoft.
  • 2025‑05‑02 – Security update released for Edge 115.
  • 2025‑05‑05 – Advisory issued to all customers.
  • 2025‑05‑10 – Patch rollout completes in 90% of organizations.

Conclusion

The CVE‑2025‑3198 flaw is a high‑risk, remote code execution vulnerability that can compromise any system running Microsoft Edge 115. Immediate patching is required. Follow the mitigation steps above to protect your environment.

For more details, visit the official Microsoft Security Response Center page: CVE‑2025‑3198.

#CVE-2025-3198#Microsoft Edge#WebGL#Remote Code Execution#Browser Vulnerability

Comments

Loading comments...
Back to Home