Home > Vulnerability Database > CVE-2025-25303

Mend.io Vulnerability Database

CVE-2025-25303

Date: March 3, 2025

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user. Because pdf.mjs is imported in viewer.html and viewer.html is accessible to all URLs, an attacker can force the user’s browser to make a request to any arbitrary URL. After discussion with maintainer, patching this issue would require disabling a major feature of the extension in exchange for a low severity vulnerability. Decision to not patch issue.

Severity Score

5.8

Related Resources (5)

Url: https://github.com/ttop32/MouseTooltipTranslator/blob/0.1.127/public/manifest.json#L23

Url: https://securitylab.github.com/advisories/GHSL-2024-018_MouseTooltipTranslator/

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-25303

Url: https://github.com/ttop32/MouseTooltipTranslator/blob/0.1.127/public/pdfjs/build/pdf.mjs#L13932

Url: https://www.mend.io/vulnerability-database/CVE-2025-25303

Severity Score

5.8

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-25303

Date: March 3, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?