Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-47154
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-01 May, 2025 | 00:00
Updated At-01 May, 2025 | 15:33
Rejected At-
▼CVE Numbering Authority (CNA)

LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for use by developers."

Affected Products
Vendor
Ladybird
Product
Ladybird
Default Status
unaffected
Versions
Affected
  • From 0 before f5a670421954fc7130c3685b713c621b29516669 (git)
Problem Types
TypeCWE IDDescription
CWECWE-820CWE-820 Missing Synchronization
Metrics
VersionBase scoreBase severityVector
3.19.0CRITICAL
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://news.ycombinator.com/item?id=43852096
N/A
https://jessie.cafe/posts/pwning-ladybirds-libjs/
N/A
https://github.com/LadybirdBrowser/ladybird/commit/f5a670421954fc7130c3685b713c621b29516669
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jessie.cafe/posts/pwning-ladybirds-libjs/
exploit
Details not found