CVE-2025-11940

CVSS v3.1

7.0

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreWolf versions prior to 144.0-1

Description A security issue exists in LibreWolf on Windows, affecting the file

assets/setup.nsi

within the Installer component. This allows for uncontrolled search path manipulation through an unknown function. The attack requires local access and is considered highly complex with difficult exploitability.

Recommendations Upgrade to version 144.0-1 to resolve this issue.

Exploit

Fix

Uncontrolled Search Path Element

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427CWE-426

Related Identifiers

CVE-2025-11940

Affected Products

Librewolf

Windows

CVE-2025-11940

Weakness Enumeration

Related Identifiers

Affected Products

References · 14