{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0237", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-01-06T14:48:59.270Z", "datePublished": "2025-01-07T16:07:05.787Z", "dateUpdated": "2026-04-13T14:29:59.516Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.6", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "134", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.6", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "134", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6."}]}], "title": "WebChannel APIs susceptible to confused deputy attack", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}], "credits": [{"lang": "en", "value": "Andrew McCreight"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:59.516Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-08T15:57:56.339970Z", "id": "CVE-2025-0237", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-08T16:01:17.580Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:33:35.989Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:33:35.989Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-0237", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-08T15:57:56.339970Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-08T16:01:12.491Z"}}], "cna": {"title": "WebChannel APIs susceptible to confused deputy attack", "credits": [{"lang": "en", "value": "Andrew McCreight"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "128.6", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "134", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.6", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "134", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}], "descriptions": [{"lang": "en", "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "supportingMedia": [{"type": "text/html", "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:59.516Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0237", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:29:59.516Z", "dateReserved": "2025-01-06T14:48:59.270Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-01-07T16:07:05.787Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "AEBB7F43-496D-4A67-8E9E-EEE29913B6DE", "versionEndExcluding": "128.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FDCA935-A68D-404E-A749-CA3845C709F0", "versionEndExcluding": "134.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C92D62DE-A681-4B9D-9640-D12D04392A1B", "versionEndExcluding": "128.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A633E231-80F8-4A92-BA69-B9BE5BE45D00", "versionEndExcluding": "134.0", "versionStartIncluding": "129.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6."}, {"lang": "es", "value": "La WebChannel API, que se utiliza para transportar informaci\u00f3n diversa entre procesos, no comprob\u00f3 el principal de env\u00edo, sino que acept\u00f3 el principal enviado. Esto podr\u00eda haber provocado ataques de escalada de privilegios. Esta vulnerabilidad afecta a Firefox < 134 y Firefox ESR < 128.6."}], "id": "CVE-2025-0237", "lastModified": "2026-04-13T15:16:32.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-07T16:15:38.323", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0132", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.6.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0144", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.6.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0281", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.6.0-3.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0133", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0286", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.6.0-3.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0137", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.6.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0284", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.6.0-3.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0080", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.6.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0147", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.6.0-3.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0162", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.6.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0165", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.6.0-3.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0138", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.6.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0167", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.6.0-3.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0135", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.6.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0166", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.6.0-3.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack", "id": "2336182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336182"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-441", "details": ["The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks."], "name": "CVE-2025-0237", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird:flatpak/thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-07T16:07:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0237\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0237\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1915257\nhttps://www.mozilla.org/security/advisories/mfsa2025-01/\nhttps://www.mozilla.org/security/advisories/mfsa2025-02/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T18:34:02.498536+00:00", "value": {"mitigation_remediation": ["Update Mozilla Firefox to version\u202f134 or newer, and for ESR users, ensure ESR\u202f128.6 or later is installed.", "Update Mozilla Thunderbird to version\u202f134 or newer, and for ESR users, ensure ESR\u202f128.6 or later is installed.", "If updates cannot be applied immediately, consider disabling or restricting the WebChannel API or applying sandboxing measures to isolate the affected processes, and monitor for anomalous inter\u2011process activity."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox, including ESR releases, and Mozilla Thunderbird are affected when running versions prior to Firefox\u202f134 / ESR\u202f128.6 and Thunderbird\u202f134 / ESR\u202f128.6. The issue appears in installations on various operating systems, as indicated by the Red\u202fHat Enterprise Linux CPE entries, but the fix applies to all supported platforms.", "description_and_impact": "The vulnerability stems from the WebChannel API not validating the sending principal before accepting it, allowing a process to impersonate another and gain elevated privileges. This flaw classifies as a confused\u2011deputy attack and is mapped to CWE\u2011441 and CWE\u2011863. An attacker could exploit the flaw to broaden the access scope of a less privileged process, potentially compromising confidential data or enabling further attacks.", "risk_and_exploitability": "The CVSS score of 5.4 suggests moderate severity while the EPSS score of <\u202f1\u202f% reflects a low likelihood of exploitation at present. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation would involve sending malicious messages through the WebChannel API to a target process, a scenario that typically requires local user interaction or an existing compromise of the sending process."}}}}, "created": "2026-04-20T18:45:14.238669+00:00", "updated": "2026-04-20T18:45:14.238679+00:00", "vendors": []}