CVE-2025-25303

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user. Because pdf.mjs is imported in viewer.html and viewer.html is accessible to all URLs, an attacker can force the user’s browser to make a request to any arbitrary URL. After discussion with maintainer, patching this issue would require disabling a major feature of the extension in exchange for a low severity vulnerability. Decision to not patch issue.

CVSS

No CVSS.

References

Link	Resource
https://github.com/ttop32/MouseTooltipTranslator/blob/0.1.127/public/manifest.json#L23
https://github.com/ttop32/MouseTooltipTranslator/blob/0.1.127/public/pdfjs/build/pdf.mjs#L13932
https://securitylab.github.com/advisories/GHSL-2024-018_MouseTooltipTranslator/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La extensión de Chrome MouseTooltipTranslator permite traducir cualquier idioma a la vez con el mouse. La extensión del navegador MouseTooltipTranslator es vulnerable a ataques SSRF. El script pdf.mjs usa el parámetro URL de la URL actual como el archivo que se descargará y mostrará al usuario de la extensión. Debido a que pdf.mjs se importa en viewer.html y viewer.html es accesible para todas las URL, un atacante puede forzar al navegador del usuario a realizar una solicitud a cualquier URL arbitraria. Después de discutirlo con el fabricante, para solucionar este problema sería necesario deshabilitar una característica importante de la extensión a cambio de una vulnerabilidad de baja gravedad. Se decidió no solucionar el problema.

03 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-03 17:15

Updated : 2026-06-17 09:00

NVD link : CVE-2025-25303

Mitre link : CVE-2025-25303

CVE.ORG link : CVE-2025-25303

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-25303", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-25303", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T16:41:36.594673Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "ttop32", "product": "MouseTooltipTranslator", "versions": [{"status": "affected", "version": "<= 0.1.127"}]}]}], "published": "2025-03-03T17:15:15.073", "references": [{"url": "https://github.com/ttop32/MouseTooltipTranslator/blob/0.1.127/public/manifest.json#L23", "source": "security-advisories@github.com"}, {"url": "https://github.com/ttop32/MouseTooltipTranslator/blob/0.1.127/public/pdfjs/build/pdf.mjs#L13932", "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2024-018_MouseTooltipTranslator/", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user. Because pdf.mjs is imported in viewer.html and viewer.html is accessible to all URLs, an attacker can force the user\u2019s browser to make a request to any arbitrary URL. After discussion with maintainer, patching this issue would require disabling a major feature of the extension in exchange for a low severity vulnerability. Decision to not patch issue."}, {"lang": "es", "value": "La extensi\u00f3n de Chrome MouseTooltipTranslator permite traducir cualquier idioma a la vez con el mouse. La extensi\u00f3n del navegador MouseTooltipTranslator es vulnerable a ataques SSRF. El script pdf.mjs usa el par\u00e1metro URL de la URL actual como el archivo que se descargar\u00e1 y mostrar\u00e1 al usuario de la extensi\u00f3n. Debido a que pdf.mjs se importa en viewer.html y viewer.html es accesible para todas las URL, un atacante puede forzar al navegador del usuario a realizar una solicitud a cualquier URL arbitraria. Despu\u00e9s de discutirlo con el fabricante, para solucionar este problema ser\u00eda necesario deshabilitar una caracter\u00edstica importante de la extensi\u00f3n a cambio de una vulnerabilidad de baja gravedad. Se decidi\u00f3 no solucionar el problema."}], "lastModified": "2026-06-17T09:00:39.020", "sourceIdentifier": "security-advisories@github.com"}