CVE-2025-5687: Vulnerability in Mozilla Mozilla VPN 2.28.0
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).
AI Analysis
Technical Summary
This vulnerability (CVE-2025-5687) exists in Mozilla VPN on macOS and permits an unprivileged user to escalate privileges to root. It is classified under CWE-269 (Improper Privilege Management). The flaw affects Mozilla VPN versions 2.27.0 and earlier on macOS. Mozilla addressed this security issue by releasing version 2.28.0, which contains the fix. The CVSS v3.1 base score is 7.8, indicating a high severity level, with attack vector local, low attack complexity, requiring low privileges, no user interaction, and impacts confidentiality, integrity, and availability.
Potential Impact
Successful exploitation of this vulnerability allows a local attacker with normal user privileges on macOS to escalate to root privileges, potentially leading to full system compromise. The impact is high as it affects confidentiality, integrity, and availability of the system where Mozilla VPN is installed on macOS.
Mitigation Recommendations
Users should upgrade Mozilla VPN on macOS to version 2.28.0 or later, where this vulnerability has been fixed. No other mitigation is required as the vendor has provided an official fix.
CVE-2025-5687: Vulnerability in Mozilla Mozilla VPN 2.28.0
Description
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-5687) exists in Mozilla VPN on macOS and permits an unprivileged user to escalate privileges to root. It is classified under CWE-269 (Improper Privilege Management). The flaw affects Mozilla VPN versions 2.27.0 and earlier on macOS. Mozilla addressed this security issue by releasing version 2.28.0, which contains the fix. The CVSS v3.1 base score is 7.8, indicating a high severity level, with attack vector local, low attack complexity, requiring low privileges, no user interaction, and impacts confidentiality, integrity, and availability.
Potential Impact
Successful exploitation of this vulnerability allows a local attacker with normal user privileges on macOS to escalate to root privileges, potentially leading to full system compromise. The impact is high as it affects confidentiality, integrity, and availability of the system where Mozilla VPN is installed on macOS.
Mitigation Recommendations
Users should upgrade Mozilla VPN on macOS to version 2.28.0 or later, where this vulnerability has been fixed. No other mitigation is required as the vendor has provided an official fix.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-06-04T14:07:33.129Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 6849756223110031d40fa8ca
Added to database: 6/11/2025, 12:24:02 PM
Last enriched: 4/14/2026, 11:50:38 AM
Last updated: 5/8/2026, 5:15:22 PM
Views: 82
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.