CVE-2025-11940
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-19

Last updated on: 2025-10-21

Assigner: VulDB

Description
A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-19
Last Modified
2025-10-21
Generated
2026-06-25
AI Q&A
2025-10-19
EPSS Evaluated
2026-06-24
NVD
CVE-2025-11940
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
librewolf librewolf 143.0.4-1
librewolf librewolf 144.0-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11940 is an uncontrolled search path vulnerability in the LibreWolf Windows installer up to version 143.0.4-1. Specifically, the installer improperly searches for an executable named "schtasks.exe" in the directory where the installer is run. An attacker with local access can place a malicious executable named "schtasks.exe" in that directory before installation. When the installer finishes, it executes this malicious file with the installer's user privileges, potentially allowing arbitrary code execution. This vulnerability arises from the installer's assets/setup.nsi script and is classified under CWE-427 (uncontrolled search path). The exploit is considered difficult and requires local access. Upgrading to LibreWolf version 144.0-1 mitigates the issue. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access to execute arbitrary code on your system with the same privileges as the installer. This can lead to compromise of system security, unauthorized alteration of system functionality, and potential access to sensitive data. Because the attacker can leverage the legitimate installer's credibility, they may bypass some security controls, resulting in confidentiality, integrity, and availability impacts on your system. [1, 2]

Detection Guidance

This vulnerability can be detected by checking if the LibreWolf installer directory contains a malicious executable named "schtasks.exe" before running the installer, as the installer improperly searches for this executable in its running directory. To detect potential exploitation or presence of malicious files, you can list files in the installer's directory and verify if any suspicious executables named "schtasks.exe" exist. For example, on Windows, you can use the command: "dir /b schtasks.exe" in the installer's directory. Additionally, monitoring for unexpected execution of "schtasks.exe" from the installer's directory or unusual process creation events with tools like Sysinternals Process Monitor may help detect exploitation attempts. [2]

Mitigation Strategies

The immediate mitigation step is to upgrade LibreWolf to version 144.0-1 or later, which includes a patch that fixes the uncontrolled search path vulnerability in the installer. Avoid running the vulnerable installer in directories where untrusted executables named "schtasks.exe" could be placed. Applying the official patch (commit dd10e31dd873e9cb309fad8aed921d45bf905a55) and downloading the updated installer from the official source (e.g., codeberg.org) is strongly recommended to prevent exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11940. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart