Home > Vulnerability Database > CVE-2025-11940

Mend.io Vulnerability Database

CVE-2025-11940

Good to know:

Date: October 19, 2025

A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component.

Severity Score

2.9

Related Resources (8)

Url: https://codeberg.org/librewolf/bsys6/releases/tag/144.0-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11940

Url: https://vuldb.com/?ctiid.329019

Url: https://vuldb.com/?id.329019

Url: https://codeberg.org/librewolf/bsys6/commit/dd10e31dd873e9cb309fad8aed921d45bf905a55

Url: https://github.com/Cyber-Wo0dy/report/blob/main/librewolf/143.0.4-1/librewolf_installer_exe_hijacking.md

Url: https://vuldb.com/?submit.671575

Url: https://www.mend.io/vulnerability-database/CVE-2025-11940

Severity Score

2.9

Weakness Type (CWE)

Uncontrolled Search Path Element

CWE-427

Untrusted Search Path

CWE-426

Top Fix

Upgrade Version

Upgrade to version https://codeberg.org/librewolf/bsys6.git - 144.0-1

Learn More

CVSS v3.1

Base Score:	2.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11940

Good to know:

Date: October 19, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?