{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5687", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-06-04T14:07:33.129Z", "datePublished": "2025-06-11T12:07:49.739Z", "dateUpdated": "2026-04-13T14:31:48.521Z"}, "containers": {"cna": {"affected": [{"product": "Mozilla VPN 2.28.0", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "(macOS)", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.\n*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.<br>*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS)."}]}], "title": "Local privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below.", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953736"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-48/"}], "credits": [{"lang": "en", "value": "Egor Filatov (Positive Technologies)"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:48.521Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-5687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-14T03:56:22.072612Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:50:41.715Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-5687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-14T03:56:22.072612Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:33:53.078Z"}}], "cna": {"title": "Local privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below.", "credits": [{"lang": "en", "value": "Egor Filatov (Positive Technologies)"}], "affected": [{"vendor": "Mozilla", "product": "Mozilla VPN 2.28.0", "versions": [{"status": "unaffected", "version": "(macOS)", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953736"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-48/"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.\n*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.<br>*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:48.521Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5687", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:48.521Z", "dateReserved": "2025-06-04T14:07:33.129Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-06-11T12:07:49.739Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:macos:*:*", "matchCriteriaId": "EF9188AB-2A77-453A-ABBD-0FE992C22BEC", "versionEndExcluding": "2.28.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.\n*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS)."}, {"lang": "es", "value": "Una vulnerabilidad en Mozilla VPN para macOS permite la escalada de privilegios de un usuario normal a root. *Este error solo afecta a Mozilla VPN en macOS. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Mozilla VPN 2.28.0 &lt; (macOS)."}], "id": "CVE-2025-5687", "lastModified": "2026-04-13T15:17:05.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-11T12:15:29.023", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953736"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-48/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T17:02:48.131276+00:00", "value": {"mitigation_remediation": ["Apply Mozilla VPN 2.28.0 or newer to all macOS devices.", "Temporarily disable VPN service on affected systems until the update is rolled out.", "Deploy monitoring to detect unauthorized privilege escalation attempts by local users."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected users run Mozilla VPN for macOS version 2.27.0 or earlier; versions 2.28.0 and later include the fix. Other operating systems, such as Windows or Linux, are not impacted.", "description_and_impact": "The vulnerability is a local privilege escalation flaw in Mozilla VPN on macOS, allowing a normal user to gain root privileges through improper privilege checks in the client software. This escalation lets an attacker modify system settings, install persistent malware, or read sensitive data without authorization. The flaw is classified under CWE-269.", "risk_and_exploitability": "The CVSS score of 7.8 indicates medium\u2011to\u2011high severity, but the EPSS score of less than 1% suggests exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires local user access and relies on the macOS client, the attack vector is inferred to be local execution. No public exploit has been reported."}}}}, "created": "2025-06-24T09:51:39.226148+00:00", "updated": "2026-04-20T17:15:12.547259+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$mozilla_vpn"]}