关联漏洞
描述
Remediation of Microsoft Edge (Chromium) Remote Code Execution vulnerability (CVE-2025-9478, Plugin ID: 258091). Documentation includes before/after evidence, remediation steps, and Tenable validation.
介绍
# STIG – Microsoft Edge (Chromium) < 139.0.3405.125 Remote Code Execution (CVE-2025-9478, Plugin ID: 258091)
## Before
- **Finding:** Microsoft Edge (version 139.0.3405.86) was outdated and vulnerable to a critical Remote Code Execution (RCE) flaw (CVE-2025-9478).
- **Risk:** Attackers could exploit a use-after-free in ANGLE to execute arbitrary code through crafted HTML pages.
- **Evidence:**
---
## Remediation
1. Updated Microsoft Edge to version `139.0.3405.125` (patched).
2. Verified the version update (`edge://settings/help`).
3. Restarted Edge to finalize the patch.
4. Performed a Tenable rescan to confirm the vulnerability was resolved.
---
## After
Microsoft Edge successfully updated to version `139.0.3405.125`, mitigating CVE-2025-9478 and preventing potential remote code execution.
**Evidence:**
Edge-After-Details.png
Edge-After-Tenable-Rescan.png
文件快照
[4.0K] /data/pocs/5543214bd71ffefbbd04917dbdf5e85058bc1ff4
├── [159K] Edge-Before-Details.png
├── [108K] Edge-Before-Finding.png
└── [1017] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。