Privilege Escalation Vulnerability in Mozilla VPN for macOS
CVE-2025-5687

7.8 HIGH

Key Information:

Vendor: Mozilla
CVE Published: 11 June 2025

What is CVE-2025-5687?

A vulnerability in Mozilla VPN on macOS allows a normal user to escalate their privileges to those of the root user. This issue impacts versions of Mozilla VPN prior to 2.28.0 and poses a security risk by enabling malicious actors to gain unauthorized access to sensitive system resources. The vulnerability is specific to the macOS version of the VPN; other operating systems are unaffected. Users of affected versions are advised to apply available updates promptly to mitigate potential risks.

Affected Version(s)

Mozilla VPN < 2.28.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Egor Filatov (Positive Technologies)