CVE-2025-4918

Published May 17, 2025

Last updated a day ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4918 involves an out-of-bounds read or write vulnerability affecting JavaScript `Promise` objects. This vulnerability impacts Firefox versions earlier than 138.0.4, Firefox ESR versions earlier than 128.10.1, and Firefox ESR versions earlier than 115.23.1. The vulnerability stems from the JavaScript Handler component, where manipulating an unknown input leads to an out-of-bounds write. Successful exploitation could compromise confidentiality, integrity, and availability.

Description
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
Source: security@mozilla.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-125

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

51

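  1. Mozilla announces emergency security update for Firefox zero-day vulnerabilities. Emergency security update released for 2 vulnerabilities discovered at the Pwn2Own Berlin 2025 hacking contest. CVE-2025-4918: out-of-bounds read/write issue in the JavaScript engine. C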

    @OxBw27B18Xt0Ilz

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️Exploitation of vulnerabilities in Mozilla ❗CVE-2025-4919 ❗CVE-2025-4918 ➡️More info: https://t.co/zajM0tneY3 https://t.co/PXpLq0WfxI

    @CERTpy

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Two critical vulnerabilities (Zero-Day) in #Firefox fixed after being exploited in a security competition 🆔 First: CVE-2025-4918 🆔 Second: CVE-2025-4919 💸 Reward: 100 thousand dollars. If you use Firefo

    @cyberscastx

    902 Impressions

    2 Retweets

    13 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Emergency alert: Firefox users, update now! Mozilla has released emergency patches for two critical zero-day vulnerabilities. These vulnerabilities (CVE-2025-4918, CVE-2025-4919) have already, in actual attacks, been

    @TechTrendsJP

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Mozilla rapidly released security patches for Firefox to fix two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exposed at Pwn2Own Berlin 2025. Updates protect users from exploitation. #Mozilla #Firefox #Germany 🔒 https://t.co/iwHtL3LnMZ

    @TweetThreatNews

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ‼️ Slackware 15.0 Security Patch Alert ‼️ Firefox 128.10.1 ESR fixes CVE-2025-4918 (RCE) & CVE-2025-4919 (Privilege Escalation). Patch immediately! 🔗 Download + MD5 checksums: 👇https://t.co/I0EtEAHEV7 #InfoSec #Linux #Firefox https://t.co/dzN80bS07n

    @Cezar_H_Linux

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Critical Firefox updates are out! Mozilla patched 2 zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exploited at Pwn2Own Berlin. Update to v138.0.4 ASAP to stay protected! 🛡️ Read more here: <https://t.co/RB4AFoPb1o> #Firefox #ZeroDay #Cybersecurity

    @fernandokarl

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨Firefox: Two 0-Day Vulnerabilities Exploited. -PATCH NOW- Mozilla has patched two critical zero-day vulnerabilities (CVE-2025-4918, CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin. The flaws allow read/write on JavaScript objects, risking data exposure or code https:

    @H4ckManac

    12878 Impressions

    95 Retweets

    163 Likes

    25 Bookmarks

    2 Replies

    4 Quotes

  9. Mozilla patches two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin, risking data access and remote code execution. Researchers: Bochin, Yan, & Paul. 🔒🇩🇪 #Firefox #ZeroDay #Germany https://t.co/ZZPJIoSBAw

    @TweetThreatNews

    40 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. 📌 Mozilla has released security updates to fix two critical vulnerabilities in the Firefox browser that were exploited at the Pwn2Own competition in Berlin. The vulnerabilities can lead to access to

    @Cybercachear

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable. Attackers can read/write sensitive data or trigger remote code execution. Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1 🔗 Patch now. Full story: htt

    @TheHackersNews

    32053 Impressions

    149 Retweets

    272 Likes

    60 Bookmarks

    6 Replies

    11 Quotes

  12. Two serious vulnerabilities (CVE-2025-4918, CVE-2025-4919) stemming from JavaScript object handling have reportedly been discovered in "Firefox".

    @atkmywk

    111 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CVE-2025-4918 An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox ESR < 115.23.1. https://t.co/tzZnwmWq4G

    @CVEnew

    433 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes