PT-2025-18921 · Unknown+1 · Ublock Origin+1

Dayshift

Published

2025-05-02

Updated

2025-06-12

CVE-2025-4215

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions uBlock Origin versions up to 1.63.3b16

Description A vulnerability has been found in the UI component of uBlock Origin, specifically in the function currentStateChanged of the file src/js/1p-filters.js. This issue leads to inefficient regular expression complexity, which can be exploited remotely. The complexity of an attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public.

Recommendations For versions up to 1.63.3b16, upgrade to version 1.63.3b17 to address this issue. As a temporary workaround, consider restricting the use of the currentStateChanged function in the src/js/1p-filters.js file until the patch is applied.

Exploit

Fix

Resource Exhaustion

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-1333

Related Identifiers

CVE-2025-4215

DLA-4215-1

Affected Products

Debian

Ublock Origin

PT-2025-18921 · Unknown+1 · Ublock Origin+1

CVE-2025-4215

Weakness Enumeration

Related Identifiers

Affected Products

References · 20