VYPR
Medium severity4.8NVD Advisory· Published May 27, 2025· Updated Apr 13, 2026

CVE-2025-5264

CVE-2025-5264

Description

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

40

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.