CVE-2025-47154

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-47154

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47154.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-47154

Published

2025-05-01T08:15:17.950Z

Modified

2026-04-12T17:04:14.473166Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for use by developers."

References

Affected packages

Git / github.com/ladybirdbrowser/ladybird

Affected ranges

Type: GIT
Repo: https://github.com/ladybirdbrowser/ladybird
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f5a670421954fc7130c3685b713c621b29516669

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47154.json"

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "78145721894044113831245308110787286871",
                "26641897745351241291467529065564590954",
                "147734716286958743607801282599752901741",
                "153861863509097765535148541323237756297",
                "12151441737464691349738714897379041698",
                "3686700072043609116267895963213803858",
                "9424494864836323631286429448587204674",
                "297981745157393919924355575676547882378",
                "285647585967189702687540233700516111359",
                "232408572668157654726044103523423143502",
                "177727730558407447935187054991190642978",
                "6053084403272853370610463908802501837",
                "287008995418993049523404352925508652584",
                "121168277611002514718875672847163919709"
            ]
        },
        "source": "https://github.com/ladybirdbrowser/ladybird/commit/f5a670421954fc7130c3685b713c621b29516669",
        "id": "CVE-2025-47154-a2fbdd12",
        "signature_type": "Line",
        "target": {
            "file": "Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1834.0,
            "function_hash": "51080387462553014103704455605858948188"
        },
        "source": "https://github.com/ladybirdbrowser/ladybird/commit/f5a670421954fc7130c3685b713c621b29516669",
        "id": "CVE-2025-47154-fb7c361d",
        "signature_type": "Function",
        "target": {
            "function": "ECMAScriptFunctionObject::internal_construct",
            "file": "Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp"
        }
    }
]

vanir_signatures_modified

"2026-04-12T17:04:14Z"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "f5a6704"
            }
        ]
    }
]