Mozilla Foundation Security Advisory 2025-48

Security Issue fixed in Mozilla VPN for macOS v2.28.0

Announced

May 30, 2025

Impact

high

Products

Mozilla VPN 2.28.0

Fixed in

Mozilla VPN 2.28.0 (macOS)

#CVE-2025-5687: Local privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below.

Reporter: Egor Filatov (Positive Technologies)
Impact: high

Description

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.
This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.

References

Bug 1953736

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products