Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-12428 PoC — Microsoft Edge 安全漏洞

Source
https://github.com/dexterm300/cve-2025-12428-exploit-poc
Associated Vulnerability
Title:Microsoft Edge 安全漏洞 (CVE-2025-12428)
Description:Microsoft Edge是美国微软(Microsoft)公司的一款Windows 10之后版本系统附带的Web浏览器。 Microsoft Edge存在安全漏洞,该漏洞源于V8类型混淆。
Description
Exploitation proof-of-concept against CVE-2025-12428 for Chromium V8 JavaScript issues like type confusion
Readme
# CVE-2025-12428 - V8 Type Confusion PoC

**⚠️ WARNING: This is a proof-of-concept exploit for educational and security research purposes only.**

## Vulnerability Details

- **CVE ID**: CVE-2025-12428
- **Type**: Type Confusion in V8 JavaScript Engine
- **Severity**: High
- **Affected Versions**:
  - Google Chrome < 142.0.7444.59
  - Microsoft Edge (Chromium-based) < latest update
  - Debian Chromium < 142.0.7444.59-1~deb12u1

## Description

This vulnerability involves a type confusion flaw in the V8 JavaScript engine that can potentially lead to heap corruption and arbitrary code execution when processing maliciously crafted JavaScript code.

Type confusion occurs when the JavaScript engine misinterprets the type of an object, allowing attackers to:
- Read/write memory out of bounds
- Corrupt heap structures
- Potentially achieve remote code execution

## Disclaimer

**This code is provided for:**
- Security research and education
- Vulnerability assessment (on systems you own or have permission to test)
- Understanding browser security mechanisms

**DO NOT:**
- Use this code maliciously
- Distribute it to unauthorized parties
- Use it against systems you don't own or have explicit permission to test

The author assumes no responsibility for misuse of this code.

## Usage

1. **Test in Isolated Environment**: Only run this in a virtual machine or isolated test environment
2. **Use Vulnerable Browser**: Test with Chrome/Edge versions < 142.0.7444.59
3. **Open the HTML file**: Load `exploit.html` in the vulnerable browser
4. **Observe**: Check the browser console for crash indicators or error messages

## Mitigation

Update your browser to the latest version:
- Chrome: Update to 142.0.7444.59 or later
- Edge: Install the latest update
- Other Chromium-based browsers: Update to latest version

## References

- CVE-2025-12428
- Reported by: Man Yue Mo (GitHub Security Lab) - September 26, 2025
- Snyk Advisory: security.snyk.io
File Snapshot

 [4.0K]  /data/pocs/ddc460bacd3fc09a82d8de13988c1a83f27759f9
├── [ 10K]  advanced-exploit.js
├── [ 14K]  exploit.html
├── [8.3K]  exploit.js
├── [ 556]  package.json
├── [2.0K]  README.md
├── [3.9K]  test.js
└── [3.4K]  USAGE.md

1 directory, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.