anonhaven
Ad

CVE-2025-6554

HIGH CVSS 3.1: 8.1 EPSS 0.94% ACTIVE EXPLOIT
Updated Oct 24, 2025
Microsoft

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Jul 23, 2025

Parameter Value
CVSS 8.1 (HIGH)
Affected Versions before 138.0.7204.96
Fixed In 138.0.7204.96
Type CWE-843 (Type Confusion)
Vendor Microsoft
Public PoC Yes

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-843 Type Confusion

Vulnerable Products 5

Configuration From (including) Up to (excluding)
Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
 138.0.7204.96
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
 138.0.7204.92
Apple Macos
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References 3

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop…
chrome-cve-admin@google.com
https://issues.chromium.org/issues/427663123
chrome-cve-admin@google.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2485

IBM

4.8

CVE-2026-2483

IBM

5.4

CVE-2026-1262

IBM

4.3

CVE-2026-1015

IBM

5.4

CVE-2026-1014

IBM

6.5