CVE-2025-5687

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:vpn:*:*:*:*:*:macos:*:*

History

02 Jul 2025, 16:09

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:vpn:*:*:*:*:*:macos:*:*
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1953736 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1953736 - Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2025-48/ - () https://www.mozilla.org/security/advisories/mfsa2025-48/ - Vendor Advisory
First Time Mozilla vpn
Mozilla

11 Jun 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
Summary
  • (es) Una vulnerabilidad en Mozilla VPN para macOS permite la escalada de privilegios de un usuario normal a root. *Este error solo afecta a Mozilla VPN en macOS. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Mozilla VPN 2.28.0 &lt; (macOS).
CWE CWE-269

11 Jun 2025, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-11 12:15

Updated : 2025-07-02 16:09


NVD link : CVE-2025-5687

Mitre link : CVE-2025-5687

CVE.ORG link : CVE-2025-5687


JSON object : View

Products Affected

mozilla

  • vpn
CWE
CWE-269

Improper Privilege Management