SUSE update for MozillaFirefox, MozillaFirefox-branding-SLE



Risk: High

Patch available: YES

Number of vulnerabilities: 27

CVE-ID: CVE-2025-6424, CVE-2025-6425, CVE-2025-6426, CVE-2025-6427, CVE-2025-6428, CVE-2025-6429, CVE-2025-6430, CVE-2025-6431, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434, CVE-2025-6435, CVE-2025-6436, CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030, CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035, CVE-2025-8036, CVE-2025-8037, CVE-2025-8038, CVE-2025-8039, CVE-2025-8040

CWE-ID: CWE-416, CWE-200, CWE-357, CWE-693, CWE-451, CWE-20, CWE-358, CWE-119, CWE-126, CWE-682, CWE-94, CWE-476, CWE-450

Exploitation vector: Network

Public exploit: N/A
Vulnerable software

Operating systems & Components / Operating system:

Desktop Applications Module
SUSE Package Hub 15
SUSE Linux Enterprise Real Time 15
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise High Performance Computing LTSS 15
SUSE Linux Enterprise High Performance Computing ESPOS 15
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
openSUSE Leap
SUSE Linux Enterprise High Performance Computing 15
SUSE Enterprise Storage

Operating systems & Components / Operating system package or component:

pipewire-libpulse-0_3
pipewire-libpulse-0_3-debuginfo
MozillaFirefox-devel
MozillaFirefox
MozillaFirefox-branding-SLE
MozillaFirefox-translations-other
MozillaFirefox-branding-upstream
MozillaFirefox-debuginfo
MozillaFirefox-debugsource
MozillaFirefox-translations-common
pipewire-module-x11-0_3-debuginfo
pipewire-module-x11-0_3
pipewire-alsa-64bit
pipewire-modules-0_3-64bit
pipewire-alsa-64bit-debuginfo
pipewire-modules-0_3-64bit-debuginfo
xdg-desktop-portal-lang
pipewire-alsa-32bit-debuginfo
pipewire-modules-0_3-32bit
pipewire-modules-0_3-32bit-debuginfo
pipewire-alsa-32bit
xdg-desktop-portal-debuginfo
xdg-desktop-portal-debugsource
xdg-desktop-portal-devel
pipewire-modules-0_3
pipewire-libjack-0_3-devel
pipewire-modules-0_3-debuginfo
xdg-desktop-portal
pipewire-spa-plugins-0_2-64bit
pipewire-libjack-0_3-64bit
pipewire-modules-64bit
pipewire-spa-plugins-0_2-64bit-debuginfo
libpipewire-0_3-0-64bit-debuginfo
libpipewire-0_3-0-64bit
pipewire-modules-64bit-debuginfo
pipewire-libjack-0_3-64bit-debuginfo
pipewire-lang
pipewire-libjack-0_3-32bit-debuginfo
pipewire-spa-plugins-0_2-32bit-debuginfo
libpipewire-0_3-0-32bit
pipewire-modules-32bit-debuginfo
libpipewire-0_3-0-32bit-debuginfo
pipewire-modules-32bit
pipewire-libjack-0_3-32bit
pipewire-spa-plugins-0_2-32bit
pipewire-spa-tools-debuginfo
pipewire-modules-debuginfo
pipewire-tools-debuginfo
pipewire-doc
pipewire-debuginfo
pipewire-devel
pipewire-pulseaudio-debuginfo
pipewire-alsa-debuginfo
pipewire-spa-tools
pipewire
pipewire-spa-plugins-0_2-debuginfo
libpipewire-0_3-0
pipewire-libjack-0_3-debuginfo
pipewire-alsa
gstreamer-plugin-pipewire-debuginfo
pipewire-modules
pipewire-spa-plugins-0_2
pipewire-tools
pipewire-pulseaudio
libpipewire-0_3-0-debuginfo
gstreamer-plugin-pipewire
pipewire-libjack-0_3
pipewire-debugsource

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU111885

Risk: High

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-6424

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in FontFaceSet. A remote attacker can trick the victim into opening a specially crafted website and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU111886

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-6425

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the WebCompat extension shipped with Firefox makes it possible to enumerate resources and obtain a persistent UUID that identifies the browser. The UUID persists across containers and between normal and private browsing modes, but not across profiles.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU111887

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-6426

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because no warning is shown when opening an executable file with the terminal extension on macOS. A remote attacker can trick the victim into executing an executable file and compromise the affected system.

Note, the vulnerability affects macOS installations only.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Protection Mechanism Failure

EUVDB-ID: #VU111890

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6427

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. An attacker is able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Spoofing attack

EUVDB-ID: #VU111891

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-6428

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because Firefox for Android follows the URL provided in a link querystring parameter instead of the correct URL. A remote attacker can perform a phishing attack.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1
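
The version thresholds listed above can be checked against a host's package inventory. The following Python is an added example, not part of the SUSE advisory: it parses the "name: before version-release" lines and compares them using RPM's segment-wise ordering (so 0.3.6 sorts before 0.3.24). The installed versions are constructed sample data, and caret (^) versions, which do not occur on this page, are not handled.

```python
import re

# Thresholds copied from the list above, in the page's "name: before EVR" format.
ADVISORY = """\
MozillaFirefox: before 140.1.0-150200.152.193.1
MozillaFirefox-branding-SLE: before 140-150200.9.21.1
xdg-desktop-portal: before 1.8.0-150200.5.8.1
pipewire: before 0.3.24-150300.4.8.1
"""

# Constructed inventory (not from the page), one "name version-release" per line,
# the shape produced by an rpm query that prints NAME, VERSION and RELEASE.
INSTALLED = """\
MozillaFirefox 128.12.0-150200.152.188.1
MozillaFirefox-branding-SLE 140-150200.9.21.1
xdg-desktop-portal 1.8.0-150200.5.5.1
"""

# RPM compares runs of digits and runs of letters; other characters only separate.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare two version (or release) strings like RPM does: -1, 0 or 1."""
    ta, tb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(ta, tb):
        if x == "~" or y == "~":
            if x == y:
                continue
            return -1 if x == "~" else 1      # a tilde sorts before anything
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare, not lexical
        if x != y:
            return -1 if x < y else 1
    if len(ta) == len(tb):
        return 0
    a_is_longer = len(ta) > len(tb)
    rest = ta[len(tb):] if a_is_longer else tb[len(ta):]
    if rest[0] == "~":                        # "1.0~rc1" is older than "1.0"
        return -1 if a_is_longer else 1
    return 1 if a_is_longer else -1           # extra segments mean newer


def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release


def evr_cmp(a, b):
    """Order two EVR strings: epoch first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def audit(advisory_text, installed_text):
    """Map each package named in the advisory to vulnerable / fixed / not installed."""
    fixed_in = dict(re.findall(r"^(\S+): before (\S+)$", advisory_text, re.M))
    installed = dict(
        line.split() for line in installed_text.splitlines() if line.strip()
    )
    report = {}
    for name, threshold in fixed_in.items():
        have = installed.get(name)
        if have is None:
            report[name] = "not installed"
        elif evr_cmp(have, threshold) < 0:    # strictly "before" the fixed build
            report[name] = "vulnerable"
        else:
            report[name] = "fixed"
    return report


if __name__ == "__main__":
    for package, status in audit(ADVISORY, INSTALLED).items():
        print(f"{package}: {status}")
```
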

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU111888

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6429

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect parsing of embedded URLs that led to URLs being rewritten to the youtube.com domain. A remote attacker can use a specially crafted embed tag to bypass website security checks that restricted which domains users were allowed to embed.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Protection Mechanism Failure

EUVDB-ID: #VU111889

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-6430

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling embed or object tags. When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via an <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.
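
For site operators, the behaviour described above means a download endpoint should not rely on Content-Disposition alone. The following Python is an added example, not taken from the advisory or from Mozilla: it audits response headers for independent safeguards (a non-active Content-Type, X-Content-Type-Options: nosniff, a CSP sandbox directive). The sample responses and finding names are constructed, and the choice of safeguards is general hardening practice, an assumption rather than advice from this page.

```python
# Media types a browser may render as an active document in the serving origin.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml",
}

# Constructed responses from a hypothetical user-file download endpoint.
WEAK_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Disposition: attachment; filename="report.html"
"""

HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.html"
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; sandbox
"""

SCRIPTABLE_SANDBOX_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Content-Disposition: attachment; filename="logo.svg"
X-Content-Type-Options: nosniff
Content-Security-Policy: sandbox allow-scripts
"""


def parse_headers(raw):
    """Parse a raw response head into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def csp_directives(value):
    """Split a CSP header value into {directive: [tokens]}; the first duplicate wins."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_download(raw):
    """Return findings for a forced-download response that lacks a second safeguard."""
    headers = parse_headers(raw)
    disposition = headers.get("content-disposition", "").split(";")[0].strip().lower()
    if disposition != "attachment":
        return []                                   # not a forced download: out of scope

    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    sandbox = csp_directives(headers.get("content-security-policy", "")).get("sandbox")
    # A sandbox that re-enables scripts does not stop script execution.
    sandboxed = sandbox is not None and "allow-scripts" not in (
        token.lower() for token in sandbox
    )

    findings = []
    if media_type in ACTIVE_TYPES and not sandboxed:
        findings.append("active-type-without-sandbox")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing-nosniff")
    if not sandboxed:
        findings.append("no-csp-sandbox")
    return findings


if __name__ == "__main__":
    for label, raw in [("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE),
                       ("scriptable sandbox", SCRIPTABLE_SANDBOX_RESPONSE)]:
        print(label, audit_download(raw))
```
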

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU111892

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-6431

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in Firefox for Android when opening URLs in external applications. A remote attacker can bypass the prompt asking for confirmation to open a URL in an external application.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU111893

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6432

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because DNS requests can be leaked outside of a configured SOCKS proxy. When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improperly implemented security check for standard

EUVDB-ID: #VU111894

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6433

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling invalid TLS certificates. If a user visited a webpage with an invalid TLS certificate and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This violates the WebAuthn specification, which requires "a secure transport established without errors".

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Protection Mechanism Failure

EUVDB-ID: #VU111895

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6434

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because the exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay. This could allow an attacker to trick a user into granting an exception and loading a webpage over HTTP.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU111896

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6435

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate the extension of a downloaded file.

The vulnerability exists due to insufficient validation of user-supplied input. If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU111897

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-6436

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer Over-read

EUVDB-ID: #VU113137

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-8027

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists on 64-bit systems because the IonMonkey-JIT JavaScript engine writes only 32 bits of the 64-bit return value space on the stack, but the entire 64 bits are read. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Incorrect calculation

EUVDB-ID: #VU113138

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-8028

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because a WASM br_table instruction with a large number of entries can place the label too far from the instruction, causing truncation and incorrect computation of the branch address. A remote attacker can execute arbitrary code on the target system.

Note: the vulnerability affects ARM64 systems only.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Code Injection

EUVDB-ID: #VU113141

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-8029

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code passed via URL.

The vulnerability exists because Firefox executes javascript: URLs when they are used in object and embed tags. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code via object or embed tags.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Code Injection

EUVDB-ID: #VU113142

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-8030

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the “Copy as cURL” feature. A remote attacker can trick the victim into copying a specially crafted URL and execute unexpected code on the system.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU113143

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-8031

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect stripping in CSP reports. The username:password part was not correctly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Protection Mechanism Failure

EUVDB-ID: #VU113144

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-8032

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect propagation of the source document when loading an XSLT document. A remote attacker can bypass CSP restrictions. 

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU113139

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-8033

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the JavaScript engine when handling closed generators. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser. 

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU113140

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-8034

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU113145

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-8035

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Protection Mechanism Failure

EUVDB-ID: #VU113146

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-8036

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because Firefox caches CORS preflight responses across IP address changes. A remote attacker can circumvent CORS with DNS rebinding.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Protection Mechanism Failure

EUVDB-ID: #VU113147

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-8037

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way Firefox handles nameless cookies with an equals sign in the value. Such a cookie would shadow other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Protection Mechanism Failure

EUVDB-ID: #VU113148

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-8038

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because Firefox ignored paths when checking the validity of navigations in a frame. A remote attacker can bypass the CSP frame-src setting.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Multiple Interpretations of UI Input

EUVDB-ID: #VU113149

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-8039

CWE-ID: CWE-450 - Multiple Interpretations of UI Input

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because in some cases search terms persisted in the URL bar even after navigating away from the search page. A remote attacker can obtain information about previous searches.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU113150

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-8040

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages MozillaFirefox and MozillaFirefox-branding-SLE to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

pipewire-libpulse-0_3: before 0.3.6-150200.3.11.1

pipewire-libpulse-0_3-debuginfo: before 0.3.6-150200.3.11.1

MozillaFirefox-devel: before 140.1.0-150200.152.193.1

MozillaFirefox: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-SLE: before 140-150200.9.21.1

MozillaFirefox-translations-other: before 140.1.0-150200.152.193.1

MozillaFirefox-branding-upstream: before 140.1.0-150200.152.193.1

MozillaFirefox-debuginfo: before 140.1.0-150200.152.193.1

MozillaFirefox-debugsource: before 140.1.0-150200.152.193.1

MozillaFirefox-translations-common: before 140.1.0-150200.152.193.1

pipewire-module-x11-0_3-debuginfo: before 0.3.64-150500.3.7.2

pipewire-module-x11-0_3: before 0.3.64-150500.3.7.2

pipewire-alsa-64bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit: before 0.3.49-150400.3.7.1

pipewire-alsa-64bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-64bit-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal-lang: before 1.8.0-150200.5.8.1

pipewire-alsa-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-32bit-debuginfo: before 0.3.49-150400.3.7.1

pipewire-alsa-32bit: before 0.3.49-150400.3.7.1

xdg-desktop-portal-debuginfo: before 1.8.0-150200.5.8.1

xdg-desktop-portal-debugsource: before 1.8.0-150200.5.8.1

xdg-desktop-portal-devel: before 1.8.0-150200.5.8.1

pipewire-modules-0_3: before 0.3.49-150400.3.7.1

pipewire-libjack-0_3-devel: before 0.3.49-150400.3.7.1

pipewire-modules-0_3-debuginfo: before 0.3.49-150400.3.7.1

xdg-desktop-portal: before 1.8.0-150200.5.8.1

pipewire-spa-plugins-0_2-64bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-64bit: before 0.3.24-150300.4.8.1

pipewire-modules-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-64bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-lang: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit: before 0.3.24-150300.4.8.1

pipewire-modules-32bit-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-32bit-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-32bit: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-32bit: before 0.3.24-150300.4.8.1

pipewire-spa-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules-debuginfo: before 0.3.24-150300.4.8.1

pipewire-tools-debuginfo: before 0.3.24-150300.4.8.1

pipewire-doc: before 0.3.24-150300.4.8.1

pipewire-debuginfo: before 0.3.6-150200.3.11.1

pipewire-devel: before 0.3.24-150300.4.8.1

pipewire-pulseaudio-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa-debuginfo: before 0.3.24-150300.4.8.1

pipewire-spa-tools: before 0.3.24-150300.4.8.1

pipewire: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2-debuginfo: before 0.3.24-150300.4.8.1

libpipewire-0_3-0: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3-debuginfo: before 0.3.24-150300.4.8.1

pipewire-alsa: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire-debuginfo: before 0.3.24-150300.4.8.1

pipewire-modules: before 0.3.24-150300.4.8.1

pipewire-spa-plugins-0_2: before 0.3.24-150300.4.8.1

pipewire-tools: before 0.3.24-150300.4.8.1

pipewire-pulseaudio: before 0.3.24-150300.4.8.1

libpipewire-0_3-0-debuginfo: before 0.3.24-150300.4.8.1

gstreamer-plugin-pipewire: before 0.3.24-150300.4.8.1

pipewire-libjack-0_3: before 0.3.24-150300.4.8.1

pipewire-debugsource: before 0.3.6-150200.3.11.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502529-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


