CVE-2025-5687

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5687

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5687.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-5687

Published

2025-06-11T12:15:29Z

Modified

2025-07-04T04:52:02.501593Z

Summary

[none]

Details

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected. This vulnerability affects Mozilla VPN 2.28.0 < (macOS).

References

https://www.mozilla.org/security/advisories/mfsa2025-48/
https://bugzilla.mozilla.org/show_bug.cgi?id=1953736

Affected packages

Git / github.com/mozilla-mobile/mozilla-vpn-client

Affected ranges

Type: GIT
Repo: https://github.com/mozilla-mobile/mozilla-vpn-client
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bb7d5d6298496b1d069193c2b60067f1f84834d3

Affected versions

v2.*

v2.0.1

v2.0.3

v2.1.0

v2.26.0