CVE-2025-47154
CRITICALDescription
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for use by developers."
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-47154? +
How severe is CVE-2025-47154? +
How do I check if I'm vulnerable to CVE-2025-47154? +
Related Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks …
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray entry on reparent memcg_reparent_list_lrus() clears …
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an …
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries …
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.