CVE-2025-2857
Published: 27 March 2025
Summary
CVE-2025-2857 is a critical-severity Exposure of Resource to Wrong Sphere (CWE-668) vulnerability in Mozilla Firefox. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 42.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces process isolation between sandboxed child and parent processes to prevent IPC-based sandbox escapes via powerful handles.
Requires timely remediation of the specific IPC flaw through patching Firefox to fixed versions, directly eliminating the vulnerability.
Implements a reference monitor to mediate access to powerful handles, reducing risk of unintentional privilege escalation in IPC interactions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Sandbox escape from compromised child process via IPC handle manipulation directly enables exploitation for privilege escalation (T1068) and evasion of browser sandbox defenses (T1211).
NVD Description
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original…
more
vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.
Deeper analysisAI
CVE-2025-2857 is a sandbox escape vulnerability in Firefox's IPC code, where a compromised child process can trick the parent process into returning an unintentionally powerful handle. This issue affects only Firefox on Windows; other operating systems are unaffected. It was discovered by Firefox developers after identifying a similar pattern to the Chrome sandbox escape in CVE-2025-2783. The vulnerability carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-668.
An attacker who first compromises a sandboxed child process can exploit this flaw to escape the sandbox and gain elevated privileges in the parent process, potentially leading to full system compromise. The CVSS vector indicates it is exploitable remotely with low complexity, no privileges or user interaction required, and high impact across confidentiality, integrity, and availability due to the changed scope.
Mozilla's security advisory (MFSA 2025-19) confirms the vulnerability was addressed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1. Security practitioners should prioritize updating affected Windows Firefox installations to these versions or later.
This vulnerability follows the in-the-wild exploitation of the related Chrome CVE-2025-2783, highlighting patterns in browser IPC mechanisms that attackers target for sandbox escapes. Details are available in Mozilla Bugzilla (1956398) and the Chromium issue tracker (405143032).
Details
- CWE(s)