🟢 CVE-2025-14174

CVE-2025-14174 is an out-of-bounds memory access vulnerability in Google Chrome that requires user interaction with a crafted HTML page. While actively exploited and in CISA KEV, it affects client-side browser software, not internet-facing servers.

Risk Level: LOW_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1189 - Drive-by Compromise

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-12-12

Added to CISA KEV: 2025-12-12 (0 days between CVE and KEV)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2025-12-13)

Here's what is known about the CVE-2025-14174 vulnerability:

  • Affected applications: CVE-2025-14174 affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge [2].
  • CISA KEV Status: CISA has added CVE-2025-14174 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [3][4].
  • Active Exploitation: The vulnerability is actively being exploited in the wild [1].
  • Attack Vectors/Exploitation Method: Attackers can potentially execute arbitrary code by crafting malicious web content [1].
  • Targeted Attacks: CVE-2025-14174 has reportedly been used in a sophisticated, targeted attack against specific individuals on iOS versions before iOS 26 [1].
  • Internet facing: These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks [5][6].

Sources

  1. CVE-2025-14174 - Exploits & Severity - Feedly

    Impact. Attackers could potentially execute arbitrary code by crafting malicious web content. The vulnerability has been reported as being used in an extremely sophisticated targeted attack against specific individuals on versions of iOS before iOS 26. This suggests a high-risk, precision-targeted e…

  2. Known Exploited Vulnerabilities Catalog

    CVE-2025-14174: This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and ...

  3. CISA Adds Two Known Exploited Vulnerabilities to Catalog

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  4. CISA Adds Three Known Exploited Vulnerabilities to Catalog

    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  5. CISA Adds One Vulnerability to the KEV Catalog | CISA

    CVE-2025-0282. Ivanti Connect Secure Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked below to include…