CVE-2025-2857

CRITICAL EXPLOITED

Firefox < 136.0.4, 115.21.1, 128.8.1-128., 136.0.4-136. - Sandbox Escape via IPC Handle Mismanagement

Title source: llm

Exploitation Summary

CVE-2025-2857 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Leviticus-Triage.

AI-analyzed exploit summary The repository appears to be a framework for Chrome exploits but lacks actual exploit code for CVE-2025-2857. It contains extensive documentation, contribution guidelines, and placeholder structures but no functional PoC or technical details specific to the CVE.

Description

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.

Exploits (1)

github SUSPICIOUS 13 stars

by Leviticus-Triage · pythonpoc

https://github.com/Leviticus-Triage/ChromSploit-Framework

View Code ZIP pw:eip

The repository appears to be a framework for Chrome exploits but lacks actual exploit code for CVE-2025-2857. It contains extensive documentation, contribution guidelines, and placeholder structures but no functional PoC or technical details specific to the CVE.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Google Chrome (unspecified version)

No auth needed

Prerequisites: None specified

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Permissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=1956398

Permissions Required

https://issues.chromium.org/issues/405143032

Third Party Advisory

https://www.cve.org/CVERecord?id=CVE-2025-2783

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2025-19/

Scores

CVSS v3 10.0

EPSS 0.0020

EPSS Percentile 42.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2026-01-20

CWE

CWE-668

Status published

Products (5)

mozilla/firefox < 115.21.1

mozilla/firefox < 136.0.4

Mozilla/Firefox 115.21.1 - 115.*

Mozilla/Firefox 128.8.1 - 128.*

Mozilla/Firefox 136.0.4

Published Mar 27, 2025

Tracked Since Feb 18, 2026