CVE-2025-2857: Following the sanbdox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to...

10.0 CVSS

Description

Following the sanbdox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent process into leaking handles into unpriviled child processes leading to a sandbox escape.
The original vulnerability was being exploited in the wild.
*This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.

Known Exploited

🚨 Marked as known exploited on March 27th, 2025 (about 2 months ago).

Classification

CVE ID: CVE-2025-2857

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem Types

Incorrect handle could lead to sandbox escapes

Affected Products

Vendor: Mozilla

Product: Firefox, Firefox ESR, Firefox ESR

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 24.76% (scored less or equal to compared to others)

EPSS Date: 2025-04-25 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2857
https://bugzilla.mozilla.org/show_bug.cgi?id=1956398
https://issues.chromium.org/issues/405143032
https://www.mozilla.org/security/advisories/mfsa2025-19/

Timeline

2025-03-27 14:40:22 UTC
CVE

Following the sanbdox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to...
2025-03-27 14:41:41 UTC
🚨 Marked as Known Exploited
2025-03-27 16:00:35 UTC
CyberInsider

Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
2025-03-28 06:45:36 UTC
TheHackerNews

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability