CVE-2025-2817Path Traversal in Mozilla Firefox

CWE-22Path TraversalCWE-94Code InjectionCWE-416Use After Free12 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 40.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedApr 29

Description

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDmozilla/firefox116.0128.10.0+2
NVDmozilla/thunderbird129.0138.0+1

🔴Vulnerability Details

3
OSV
CVE-2025-2817: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking2025-04-29
GHSA
GHSA-j657-7g4v-wv6h: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking2025-04-29
CVEList
Privilege escalation in Thunderbird Updater2025-04-29

📋Vendor Advisories

8
Red Hat
firefox: thunderbird: Privilege escalation in Firefox Updater2025-04-29
Debian
CVE-2025-2817: firefox - Thunderbird's update mechanism allowed a medium-integrity user process to interf...2025
Microsoft
Use After Free in vim/vim2022-08-09
Mozilla
Mozilla Foundation Security Advisory 2025-29: CVE-2025-2817
Mozilla
Mozilla Foundation Security Advisory 2025-32: CVE-2025-2817
CVE-2025-2817 — Path Traversal in Mozilla Firefox | cvebase