CVE-2025-11940
BaseFortify
Publication date: 2025-10-19
Last updated on: 2025-10-21
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| librewolf | librewolf | 143.0.4-1 |
| librewolf | librewolf | 144.0-1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11940 is an uncontrolled search path vulnerability in the LibreWolf Windows installer up to version 143.0.4-1. Specifically, the installer improperly searches for an executable named "schtasks.exe" in the directory where the installer is run. An attacker with local access can place a malicious executable named "schtasks.exe" in that directory before installation. When the installer finishes, it executes this malicious file with the installer's user privileges, potentially allowing arbitrary code execution. This vulnerability arises from the installer's assets/setup.nsi script and is classified under CWE-427 (uncontrolled search path). The exploit is considered difficult and requires local access. Upgrading to LibreWolf version 144.0-1 mitigates the issue. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with local access to execute arbitrary code on your system with the same privileges as the installer. This can lead to compromise of system security, unauthorized alteration of system functionality, and potential access to sensitive data. Because the attacker can leverage the legitimate installer's credibility, they may bypass some security controls, resulting in confidentiality, integrity, and availability impacts on your system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the LibreWolf installer directory contains a malicious executable named "schtasks.exe" before running the installer, as the installer improperly searches for this executable in its running directory. To detect potential exploitation or presence of malicious files, you can list files in the installer's directory and verify if any suspicious executables named "schtasks.exe" exist. For example, on Windows, you can use the command: "dir /b schtasks.exe" in the installer's directory. Additionally, monitoring for unexpected execution of "schtasks.exe" from the installer's directory or unusual process creation events with tools like Sysinternals Process Monitor may help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade LibreWolf to version 144.0-1 or later, which includes a patch that fixes the uncontrolled search path vulnerability in the installer. Avoid running the vulnerable installer in directories where untrusted executables named "schtasks.exe" could be placed. Applying the official patch (commit dd10e31dd873e9cb309fad8aed921d45bf905a55) and downloading the updated installer from the official source (e.g., codeberg.org) is strongly recommended to prevent exploitation. [1, 2]