CVE-2025-6554
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-6554. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Available Exploits
Related News
Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score …
Chromium's latest release addressed new vulnerabilities. Security updates have been released for Opera - get the latest versions now.
The post Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available appeared first on Daily CyberSecurity.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are freq…
Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is availa…
Affected Products
Affected Versions:
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Product
Ransomware Risk
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: July 30, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: July 1, 2025, Modified: July 1, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Malware exploited edge, chrome, windows media player, etc. (CVE-2025-6554)- what happened? Kinda curious what happened here, wish I made an image of the drive before I wiped it. Instead I saved some interesting files to a drive. It started wreaking havoc after a windows update. It saved malicious js files …
So Is kiwi browser now just unusable I just found out there's a new CVE-2025-6554 exploit in browsers that can do damage and for safety I can't contuine using kiwi browser anymore. Does anyone have alternatives. Edge does not work and I can only install edge extensionsni can't install any …
🔥 Top 10 Trending CVEs (24/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-4947](https://nvd.nist.gov/vuln/detail/CVE-2024-4947)** - 📝 Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security …
🔥 Top 10 Trending CVEs (23/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49113](https://nvd.nist.gov/vuln/detail/CVE-2025-49113)** - 📝 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading …
A Brief Analysis of Chrome's 0day CVE-2025-6554 in the Wild
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
🔥 Top 10 Trending CVEs (13/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-45866](https://nvd.nist.gov/vuln/detail/CVE-2023-45866)** - 📝 Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection …
🔥 Top 10 Trending CVEs (12/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-29336](https://nvd.nist.gov/vuln/detail/CVE-2023-29336)** - 📝 Win32k Elevation of Privilege Vulnerability - 📅 **Published:** 09/05/2023 - 📈 **CVSS:** 7.8 - 🧭 **Vector:** CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 4 - ⚠️ **Priority:** 2 - 📝 **Analysis:** …
𝐓𝐨𝐝𝐚𝐲'𝐬 𝐏𝐚𝐭𝐜𝐡 𝐓𝐮𝐞𝐬𝐝𝐚𝐲 𝐨𝐯𝐞𝐫𝐯𝐢𝐞𝐰 • Microsoft has addressed 𝟏𝟑𝟕 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬, 𝐧𝐨 𝐳𝐞𝐫𝐨-𝐝𝐚𝐲𝐬, 𝟏𝟒 𝐜𝐫𝐢𝐭𝐢𝐜𝐚𝐥 and 𝐨𝐧𝐞 𝐰𝐢𝐭𝐡 𝐏𝐨𝐂 • Third-party: web browsers, Linux Sudo, Citrix NetScaler, Cisco, WordPress, WinRAR, Brother printers, GitHub, Teleport, Veeam, Grafana, Palo Alto Networks, and Trend Micro. Navigate to 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐃𝐢𝐠𝐞𝐬𝐭 𝐟𝐫𝐨𝐦 𝐀𝐜𝐭𝐢𝐨𝐧𝟏 for comprehensive summary …
Threat signature update to include CVE-2025-6554 Any idea when Palo will update their threat signatures to include CVE-2025-6554? Since there are known exploits and no IOCs available, it would be nice if Palo could help out here and block the threat. Maybe they need the IOCs too? Edge is showing …