CVE-2025-5687

Severity
7.8 HIGH
EPSS
0.1%
top 79.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jun 11

Description

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN < 2.28.0 (macOS).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 2 packages

NVD: mozilla/vpn < 2.28.0
CVEListV5: mozilla/mozilla_vpn_2.28.0 unspecified (macOS)

🔴Vulnerability Details

2
GHSA
GHSA-h4m7-pg92-x2q8: A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root (2025-06-11)
CVEList
CVE-2025-5687: A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root (2025-06-11)

📋Vendor Advisories

1
Mozilla
Mozilla Foundation Security Advisory 2025-48: CVE-2025-5687
CVE-2025-5687 (HIGH CVSS 7.8) | A vulnerability in Mozilla VPN on m | cvebase.io