CVE-2025-43330: breaking out of a sandbox using font files
bsssq.xyz
I am not the author of this post. The exploration of the Scheme-based sandbox permissions DSL was interesting to me. It's a classic issue of a custom parser with bad input validation.
thanks for sharing! yes, it's a textbook vulnerability that was really quite trivial to exploit.
It was a fun read - digestible for those of us without a ton of experience in advanced security background knowledge.