CVE-2025-14325

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 140.6 Thunderbird versions prior to 146 Thunderbird versions prior to 140.6

Description The JavaScript Engine contains a JIT miscompilation issue within the JIT component. This relates to CacheIR, which involves Inline Caches in SpiderMonkey. The issue is a miscompilation in the JIT component.

Recommendations Update Firefox to version 146 or later. Update Firefox ESR to version 140.6 or later. Update Thunderbird to version 146 or later. Update Thunderbird to version 140.6 or later.

Fix

Code Injection

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-843

Related Identifiers

ALSA-2025:23034

ALSA-2025:23035

ALSA-2025:23128

ALSA-2025:23856

ALSA-2026:0025

ALSA-2026:0026

BDU:2025-16354

CVE-2025-14325

DLA-4401-1

DLA-4405-1

DSA-6078-1

DSA-6081-1

MGASA-2025-0328

MGASA-2025-0329

OESA-2026-1085

OESA-2026-1086

OESA-2026-1088

OESA-2026-1089

OESA-2026-1090

OESA-2026-1264

OESA-2026-1285

OPENSUSE-SU-2025:15809-1

OPENSUSE-SU-2025:15813-1

OPENSUSE-SU-2025:15814-1

OPENSUSE-SU-2026:20014-1

OPENSUSE-SU-2026:20046-1

RHSA-2026:0003

RHSA-2026:0004

RHSA-2026:0005

RHSA-2026:0006

RHSA-2026:0007

RHSA-2026:0013

RHSA-2026:0014

RHSA-2026:0015

RHSA-2026:0016

RHSA-2026:0017

RHSA-2026:0018

RHSA-2026:0019

RHSA-2026:0020

RHSA-2026:0021

RHSA-2026:0022

RHSA-2026:0023

RHSA-2026:0024

RHSA-2026:0025

RHSA-2026:0026

RHSA-2026:0124

RHSA-2026:0127

SUSE-SU-2025:4396-1

SUSE-SU-2025:4397-1

SUSE-SU-2025:4424-1

SUSE-SU-2026:20031-1

USN-7991-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Firefox

Firefox Esr

Linuxmint

Red Hat

Rocky Linux

Ubuntu

CVE-2025-14325

Weakness Enumeration

Related Identifiers

Affected Products

References · 270