Main Vulnerability Database SB2025043025

SB2025043025 - SUSE update for MozillaFirefox

Published: April 30, 2025

Security Bulletin ID SB2025043025

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-2817)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking mechanism in Firefox Updater. A medium-integrity user process can interfere with the SYSTEM-level updater by manipulating the file-locking behavior by injecting code into the user-privileged process. A local user or malicious software installed on the system can bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20251414-1/