LibreWolf Installer setup.nsi uncontrolled search path_CVE-2025-11940

7.3 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

Description

A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component.

Basic Information

ID CVE-2025-11940

Source VulDB

Published Oct 19, 2025 at 08:32

Affected Product

Vendor n/a

Product LibreWolf

Version 143.0.4-1

Affected Versions n/a LibreWolf 143.0.4-1

CWE Classification

CWE-427 CWE-426

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component.",
    "published": "2025-10-19T08:32:06.681Z",
    "modified": "2025-10-19T08:32:06.681Z",
    "type": "cve",
    "title": "LibreWolf Installer setup.nsi uncontrolled search path",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329019\nhttps://vuldb.com/?ctiid.329019\nhttps://vuldb.com/?submit.671575\nhttps://github.com/Cyber-Wo0dy/report/blob/main/librewolf/143.0.4-1/librewolf_installer_exe_hijacking.md\nhttps://codeberg.org/librewolf/bsys6/commit/dd10e31dd873e9cb309fad8aed921d45bf905a55\nhttps://codeberg.org/librewolf/bsys6/releases/tag/144.0-1",
    "id": "CVE-2025-11940",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427",
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "n/a LibreWolf 143.0.4-1",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LibreWolf",
    "version": "143.0.4-1",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}