Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2025-12428 PoC — Microsoft Edge 安全漏洞

Source
https://github.com/dexterm300/cve-2025-12428-exploit-poc
Associated Vulnerability
Title:Microsoft Edge 安全漏洞 (CVE-2025-12428)
Description:Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Description
Exploitation proof-of-concept against CVE-2025-12428 for Chromium V8 JavaScript issues like type confusion
Readme
# CVE-2025-12428 - V8 Type Confusion PoC

**⚠️ WARNING: This is a proof-of-concept exploit for educational and security research purposes only.**

## Vulnerability Details

- **CVE ID**: CVE-2025-12428
- **Type**: Type Confusion in V8 JavaScript Engine
- **Severity**: High
- **Affected Versions**:
  - Google Chrome < 142.0.7444.59
  - Microsoft Edge (Chromium-based) < latest update
  - Debian Chromium < 142.0.7444.59-1~deb12u1

## Description

This vulnerability involves a type confusion flaw in the V8 JavaScript engine that can potentially lead to heap corruption and arbitrary code execution when processing maliciously crafted JavaScript code.

Type confusion occurs when the JavaScript engine misinterprets the type of an object, allowing attackers to:
- Read/write memory out of bounds
- Corrupt heap structures
- Potentially achieve remote code execution

## Disclaimer

**This code is provided for:**
- Security research and education
- Vulnerability assessment (on systems you own or have permission to test)
- Understanding browser security mechanisms

**DO NOT:**
- Use this code maliciously
- Distribute it to unauthorized parties
- Use it against systems you don't own or have explicit permission to test

The author assumes no responsibility for misuse of this code.

## Usage

1. **Test in Isolated Environment**: Only run this in a virtual machine or isolated test environment
2. **Use Vulnerable Browser**: Test with Chrome/Edge versions < 142.0.7444.59
3. **Open the HTML file**: Load `exploit.html` in the vulnerable browser
4. **Observe**: Check the browser console for crash indicators or error messages

## Mitigation

Update your browser to the latest version:
- Chrome: Update to 142.0.7444.59 or later
- Edge: Install the latest update
- Other Chromium-based browsers: Update to latest version

## References

- CVE-2025-12428
- Reported by: Man Yue Mo (GitHub Security Lab) - September 26, 2025
- Snyk Advisory: security.snyk.io
File Snapshot

 [4.0K]  /data/pocs/ddc460bacd3fc09a82d8de13988c1a83f27759f9
├── [ 10K]  advanced-exploit.js
├── [ 14K]  exploit.html
├── [8.3K]  exploit.js
├── [ 556]  package.json
├── [2.0K]  README.md
├── [3.9K]  test.js
└── [3.4K]  USAGE.md

1 directory, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →