CVE-2025-43330: breaking out of a sandbox using font files
(bsssq.xyz)
3 points
faxmeyourcode
9mo ago
3 comments
faxmeyourcode
OP
9mo ago
I am not the author of this post. The exploration of the scheme-based sandbox permissions DSL was interesting to me. It's a classic issue of a custom parser with bad input validation.
bsssq
9mo ago
thanks for sharing! yes, it's a textbook vulnerability that was really quite trivial to exploit.
faxmeyourcode
OP
9mo ago
It was a fun read - digestible for those of us without a ton of experience in advanced security background knowledge.