Uncontrolled Search Path Vulnerability in LibreWolf Installer for Windows
CVE-2025-11940

7.3HIGH

Key Information:

Vendor

LibreWolf

Status
Librewolf
Vendor
CVE Published:
19 October 2025

What is CVE-2025-11940?

A security flaw has been identified in the LibreWolf Installer for Windows, specifically in the assets/setup.nsi file. This vulnerability allows for an uncontrolled search path, which can be exploited locally. While executing an attack of this nature is considered complex, it poses significant risks if exploited. Users are strongly advised to update to version 144.0-1 where this issue has been addressed through a recent patch.

Affected Version(s)

LibreWolf 143.0.4-1

LibreWolf 144.0-1

References

https://vuldb.com/?id.329019
vdb-entry
https://vuldb.com/?ctiid.329019
signaturepermissions-required
https://vuldb.com/?submit.671575
third-party-advisory

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-11940 : Uncontrolled Search Path Vulnerability in LibreWolf Installer for Windows