

Multiple Zoho ManageEngine Products Vulnerabilities
May 23, 2025
CVE-2025-47181 – Microsoft Edge Chromium Based Vulnerability
May 23, 2025
Multiple Zoho ManageEngine Products Vulnerabilities
May 23, 2025
CVE-2025-47181 – Microsoft Edge Chromium Based Vulnerability
May 23, 2025Severity
Medium
Analysis Summary
CVE-2025-5020 CVSS:4.3
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS.
CVE-2025-4918 CVSS:7.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read or write on a JavaScript `Promise` object. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Denial of Service
- Code Execution
Indicators of Compromise
CVE
CVE-2025-5020
CVE-2025-4918
Affected Vendors
Affected Products
- Mozilla Firefox ESR - 128.10.0
- Mozilla Firefox - 138.0.3
- Mozilla Firefox ESR - 115.23.0
- Mozilla Firefox for iOS - 138
Remediation
Refer to Mozilla Security Advisory for patch, upgrade, or suggested workaround information.