CVE-2025-49736: CWE-449: The UI Performs the Wrong Action in Microsoft Edge for Android
The UI performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
AI Analysis
Technical Summary
CVE-2025-49736 is a vulnerability identified in Microsoft Edge for Android version 1.0.0, categorized under CWE-449 (the user interface performs the wrong action). The flaw allows an unauthorized attacker to carry out spoofing over a network by causing the browser UI to behave unexpectedly, potentially misleading users into performing unintended actions. Exploitation requires no privileges or prior authentication, but it does require user interaction, such as tapping UI elements that have been manipulated. The CVSS 3.1 base score is 4.3 (medium severity), with a network attack vector and low attack complexity. The impact is primarily to the integrity of user actions: attackers can trick users into executing the wrong command or visiting a spoofed site, but confidentiality and availability are not compromised. No exploits have been reported in the wild, and no official patch had been released at the time of publication. The vulnerability illustrates the risk posed by UI logic errors in mobile browsers, especially on a platform as widely used as Android. Organizations relying on Microsoft Edge for Android should monitor for updates and remain alert to spoofing attempts that could lead to phishing or social engineering.
Potential Impact
For European organizations, this vulnerability poses a risk mainly to the integrity of user interactions on mobile devices running Microsoft Edge for Android. Spoofing attacks can lead to users being deceived into divulging sensitive information, executing unintended transactions, or navigating to malicious websites. Sectors such as finance, healthcare, and government, which often rely on mobile browsers for secure communications, could face targeted phishing campaigns exploiting this flaw. While confidentiality and availability are not directly impacted, the erosion of trust in user interface actions can facilitate broader social engineering attacks and credential theft. The lack of required privileges lowers the barrier for attackers, increasing the likelihood of opportunistic exploitation, especially in environments with high mobile usage. However, the requirement for user interaction and the absence of known exploits reduce the immediate risk. European organizations should consider this vulnerability in their mobile security posture, particularly those with large Android user bases and critical mobile workflows.
Mitigation Recommendations
1. Educate users to be vigilant about unexpected or unusual UI behavior in Microsoft Edge for Android, emphasizing caution before interacting with suspicious prompts or links.
2. Limit exposure by enforcing network security controls such as VPNs and secure Wi-Fi usage to reduce the risk of network-based spoofing.
3. Monitor official Microsoft security advisories closely for patches or updates addressing this vulnerability and apply them promptly once available.
4. Employ mobile device management (MDM) solutions to enforce browser update policies and restrict installation of untrusted applications that could facilitate exploitation.
5. Implement multi-factor authentication (MFA) on critical services accessed via mobile browsers to mitigate the impact of potential credential theft resulting from spoofing.
6. Use endpoint detection and response (EDR) tools capable of monitoring anomalous browser behavior on Android devices.
7. Encourage the use of alternative browsers or platforms temporarily if critical operations are at risk and no patch is available.
8. Conduct phishing awareness campaigns tailored to mobile device users to reduce the success rate of spoofing attacks.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-06-09T21:23:11.524Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689b7749ad5a09ad003490fd
Added to database: 8/12/2025, 5:18:01 PM
Last enriched: 11/14/2025, 6:26:35 AM
Last updated: 12/4/2025, 2:43:03 PM