CVE-2025-5687

HIGH 7.8

Local privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below.

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).

Vendor	mozilla
Product	mozilla vpn 2.28.0
Ecosystems	Browser JavaScript
Industries	Technology
Published	Jun 11, 2025
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for mozilla mozilla vpn 2.28.0

Be the first to know when new high vulnerabilities affecting mozilla mozilla vpn 2.28.0 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Mozilla / Mozilla VPN 2.28.0

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=1953736 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-48/

Credits

Egor Filatov (Positive Technologies)