PT-2025-18373 · Ladybird · Ladybird

Published 2025-05-01 · Updated 2025-06-24 · CVE-2025-47154

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ladybird versions prior to f5a6704

Description

The issue is a use-after-free vulnerability in LibJS, which is part of the Ladybird browser engine. It allows remote attackers to execute arbitrary code via a crafted .js file. The problem arises because the freeing of the vector that the arguments list references is mishandled. The GitHub README for Ladybird notes that it is in a pre-alpha state and is only suitable for use by developers.

Recommendations

For Ladybird versions prior to f5a6704, update to a version that includes the fix for this issue, as the current version is vulnerable to remote code execution attacks. As a temporary workaround, consider restricting the execution of .js files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-47154

Affected Products

Ladybird