Home > Vulnerability Database > CVE-2025-5265

Mend.io Vulnerability Database

CVE-2025-5265

Date: May 27, 2025

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11.

Severity Score

4.8

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-5265

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1962301

Url: https://www.mozilla.org/security/advisories/mfsa2025-44/

Url: https://www.mozilla.org/security/advisories/mfsa2025-43/

Url: https://www.mozilla.org/security/advisories/mfsa2025-46/

Url: https://www.mozilla.org/security/advisories/mfsa2025-45/

Url: https://www.mozilla.org/security/advisories/mfsa2025-42/

Url: https://www.mend.io/vulnerability-database/CVE-2025-5265

Severity Score

4.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-5265

Date: May 27, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?