# Titles: Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability PoC (Conceptual Model) # Author: nu11secur1ty # Date: 06/28/25 # Vendor: Microsoft # Software: https://www.microsoft.com/en-us/edge/download?form=MA13FJ # Reference: https://portswigger.net/web-security/access-control # CVE ID: CVE-2025-47181 ## Description: This repository contains a conceptual proof-of-concept (PoC) for CVE-2025-47181, a "link following" privilege escalation vulnerability in Microsoft Edge (Chromium-based). This vulnerability allows an attacker to exploit improper link resolution and symbolic link (symlink) handling by a trusted Edge updater process to write to privileged system files and potentially gain SYSTEM privileges. ---------------------------------------------------------------------------------------------------------- Type: Symlink-based Privilege Escalation Affected Software: Microsoft Edge (Chromium-based) Updater Severity: Critical Impact: An attacker who successfully exploits this vulnerability can trick the trusted Edge updater to write malicious content to privileged locations on disk, such as C:\Windows\System32\driver_config.dll. This leads to privilege escalation from a low-privileged user to SYSTEM-level access. # STATUS: HIGH-CRITICAL Vulnerability [+]Exploit: [URL]:(https://github.com/nu11secur1ty/CVE-mitre/tree/main/2025/CVE-2025-47181) # Demo: [href]:(https://www.youtube.com/watch?v=Q_Ws_KRW7Go) # Time spent: 3:15:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>