PT-2025-42717 · Microsoft+1 · Windows+1

Published

2025-10-19

Updated

2025-10-24

CVE-2025-11940

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreWolf versions prior to 144.0-1

Description A security issue exists in LibreWolf on Windows, affecting the file assets/setup.nsi within the Installer component. This allows for uncontrolled search path manipulation through an unknown function. The attack requires local access and is considered highly complex with difficult exploitability.

Recommendations Upgrade to version 144.0-1 to resolve this issue.

Exploit

Fix

Untrusted Search Path

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426CWE-427

Related Identifiers

CVE-2025-11940

Affected Products

Librewolf

Windows

PT-2025-42717 · Microsoft+1 · Windows+1

CVE-2025-11940

Weakness Enumeration

Related Identifiers

Affected Products

References · 14