
CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

27 Mar 2025 — Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1956398 •

CVSS: 8.3 | EPSS: 9% | CPEs: 1 | EXPL: 1

26 Mar 2025 — Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. • https://github.com/raulchung/CVE-2025-2783 •

CVSS: 9.9 | EPSS: 0% | CPEs: 4 | EXPL: 0

13 Mar 2025 — By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods. • https://github.com/CyclopsMC/IntegratedScripting/blob/29051aace619604fb5dd60624b72dba428fea2f2/src/main/java/org/cyclops/integratedscripting/evaluate/ScriptHelpers.java#L46 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Mar 2025 — Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox. • https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

04 Mar 2025 — This could have led to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902309 • CWE-416: Use After Free •

CVSS: 8.2 | EPSS: 8% | CPEs: - | EXPL: 0

04 Mar 2025 — A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. ... Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 • CWE-123: Write-what-where Condition •

CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Feb 2025 — Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. • https://cloud.google.com/application-integration/docs/release-notes#January_23_2025 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 8.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

24 Jan 2025 — ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the v... • https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507 • CWE-134: Use of Externally-Controlled Format String CWE-749: Exposed Dangerous Method or Function •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Dec 2024 — Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. ... After the fix, such indirect calls are also handled by the sandbox. • https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 • CWE-693: Protection Mechanism Failure CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Dec 2024 — In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used. • https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •