CVE-2025-62459 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2025-62459	Microsoft Defender Portal Spoofing Vulnerability	Microsoft Defender	Critical	06-01-2026

Technical Information

The attacker exploits a cross-site scripting vulnerability in the Microsoft Defender Portal to spoof trusted content after a user interacts with a malicious link.

Patch release date: Nov 11, 2025
Further information on this vulnerability is available at : CVE-2025-62459

Affected Software

Microsoft 365 Defender Portal