CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution


    CVE-2025-14765 and CVE-2025-14766 are remote code execution vulnerabilities in Microsoft Edge that allow attackers to execute arbitrary code through crafted web content. Both flaws affect Edge versions prior to 143.0.3650.96 and can be triggered without user authentication.

    CVE IDs

    CVE-2025-14765
    CVE-2025-14766

    Affected Product

    Microsoft Edge browser on Windows, macOS, and Linux platforms prior to version 143.0.3650.96.

    CVSS Score

    CVE-2025-14765: 8.3 (High)
    CVE-2025-14766: 8.6 (High)

    Technical Details of CVE-2025-14765 & CVE-2025-14766

    The vulnerabilities originate from memory corruption issues within Edge’s Chromium rendering engine. Improper handling of object lifecycles and bounds validation enables attackers to craft malicious HTML and JavaScript that corrupt memory, leading to arbitrary code execution within the browser process.

    Exploitation Methodology

    Attackers exploit these vulnerabilities by luring victims to malicious websites or delivering weaponized ads. Successful exploitation allows execution of attacker-controlled code, often followed by sandbox escape chains or payload delivery via secondary exploits.

    Threat Actors Exploiting CVE-2025-14765 and CVE-2025-14766

    At the time of disclosure, Microsoft reported no confirmed active exploitation in the wild. However, similar Edge and Chromium RCE vulnerabilities have historically been leveraged by espionage-focused groups and commercial exploit vendors shortly after patch release, making rapid weaponization likely.

    Impact

    Exploitation enables full compromise of the browser session, leading to credential theft, malware delivery, lateral movement, and potential system compromise when chained with privilege escalation vulnerabilities.

    Mitigation and Remediation

    Microsoft urges immediate upgrading to Edge version 143.0.3650.96 or later. Enterprises should enforce automatic browser updates, disable unsupported extensions, and deploy endpoint detection capable of monitoring browser exploitation behavior.
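
    To verify the upgrade across a fleet, the following added example (not part of the original advisory or any Microsoft tooling) classifies reported Edge versions against the fixed version 143.0.3650.96. It compares versions numerically, because plain string comparison ranks 143.0.3650.100 below 143.0.3650.96. The inventory format, host names and sample version strings are constructed assumptions.

```python
import re

# Fixed version stated in the advisory above.
FIXED = (143, 0, 3650, 96)

# A four-part dotted version anywhere in a string, not embedded in a longer one.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return a 4-tuple of ints, or None if no four-part version is present."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'vulnerable', or 'unknown' (unparseable, follow up manually)."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuple comparison is numeric per component: (..., 100) > (..., 96).
    return "patched" if v >= FIXED else "vulnerable"


def audit(inventory_lines):
    """Group host names by status from 'host,version string' lines."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        report[classify(version_text)].append(host.strip())
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = """\
# host,reported Edge version
win-fin-01,143.0.3650.96
win-fin-02,143.0.3650.100
mac-dev-07,Microsoft Edge 143.0.3650.80
lnx-build-3,Microsoft Edge 142.0.1000.1
win-kiosk-9,unknown
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

    Hosts reported as unknown should be treated as unpatched until their version is confirmed.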

    MITRE ATT&CK Mapping

    Tactic              Technique ID    Technique Name
    Initial Access      T1189           Drive-by Compromise
    Execution           T1059           Command and Scripting Interpreter
    Defense Evasion     T1218           Signed Binary Proxy Execution
    Credential Access   T1555           Credentials from Web Browsers
