An uninitialized-read vulnerability caused by incorrect Turboshaft Store-Store Elimination in V8.
This repository contains an analysis and a stabilized exploit that escalates this vulnerability into in-V8-sandbox arbitrary read/write, AddressOf and FakeObject primitives.
Analysis: CVE-2025-5419.pdf
- OS: Ubuntu 24.04
- Git Commit: 609a85c2a1bd77d6f6905369f4bc4fcf34c5db09
- Shoutout to Clement Lecigne @_clem1 and Benoît Sevens @benoitsevens for finding the bug.
- Shoutout to @mistymntncop for providing a wonderfully crafted exploit.
- https://issues.chromium.org/issues/420636529
- https://github.com/mistymntncop/CVE-2025-5419/blob/main/exploit.js
- https://chromium-review.googlesource.com/c/v8/v8/+/6594051
This repository is intended solely for educational purposes and must not be used for any malicious activities.