CVE-2025-32792 Overview
CVE-2025-32792 affects Secure ECMAScript (SES), a JavaScript runtime library that executes third-party 'strict' mode programs in isolated compartments. The vulnerability allows third-party code evaluated inside a Compartment to observe top-level let, const, and class bindings declared in <script> tags on the host page. This breaks the isolation guarantee that SES provides to web pages and web extensions. The flaw is tracked under CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere. The maintainers patched the issue in ses version 1.12.0.
Critical Impact
Third-party code running inside an SES compartment can read host-page lexical bindings that were intended to remain private, defeating the isolated execution boundary.
Affected Products
- ses package versions prior to 1.12.0
- Web pages using the SES Compartment API with top-level let, const, or class declarations in <script> tags
- Web extensions relying on SES to sandbox third-party JavaScript
Discovery Timeline
- 2025-04-18 - CVE-2025-32792 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-32792
Vulnerability Analysis
SES (Secure ECMAScript) provides the Compartment API to evaluate untrusted JavaScript in an isolated lexical and global scope. The isolation contract states that code inside a compartment should only see bindings explicitly provided through the compartment's global scope.
The vulnerability breaks this contract. When a host page declares variables using let, const, or class at the top level of a <script> tag, those declarations populate the script's lexical scope rather than globalThis. Prior to version 1.12.0, SES inadvertently exposed this lexical scope to code running inside compartments. Third-party scripts could read identifiers that the page author assumed were private.
The issue carries an EPSS score of 0.866% with a percentile of 75.242, indicating moderate exploitation likelihood relative to other CVEs.
Root Cause
The root cause is improper isolation between the host page's lexical environment and the compartment's evaluation scope. ECMAScript stores top-level let, const, and class bindings in a script-level Lexical Environment record, distinct from the global object. SES did not fully sever this lexical chain when constructing compartment evaluators, leaving the host bindings reachable through the lexical scope walk performed by guest code.
Attack Vector
An attacker supplies untrusted JavaScript that a page evaluates inside an SES Compartment. The guest code references identifier names that match host-page let, const, or class declarations. Because these bindings leak into the compartment's lexical scope, the guest reads their values directly. The attack requires no privileges and no user interaction, and the vector is network-reachable through any standard JavaScript delivery path such as third-party widgets, advertising scripts, or browser extension content scripts.
The vulnerability mechanism is documented in the GitHub Security Advisory GHSA-h9w6-f932-gq62. No public proof-of-concept exploit is currently listed.
Detection Methods for CVE-2025-32792
Indicators of Compromise
- Third-party scripts in compartments referencing identifier names that match host-page top-level let, const, or class declarations
- Unexpected network exfiltration of values that mirror host-page variable names
- Web extension content scripts reading data they were not explicitly granted
Detection Strategies
- Audit application dependencies for ses versions earlier than 1.12.0 using npm ls ses or equivalent lockfile inspection
- Static-analysis scanning of <script> tags for top-level let, const, and class declarations in pages that also instantiate Compartment
- Review code-review pipelines for use of the SES Compartment API together with lexically scoped top-level bindings
Monitoring Recommendations
- Track Content Security Policy (CSP) violation reports and outbound requests from pages that load third-party scripts inside SES compartments
- Log compartment evaluation calls and the source URLs of guest code for forensic review
- Subscribe to the endojs/endo security advisories feed for follow-up disclosures
How to Mitigate CVE-2025-32792
Immediate Actions Required
- Upgrade the ses package to version 1.12.0 or later across all production and development environments
- Inventory all web pages and web extensions that evaluate third-party code through the Compartment API
- Rotate any secrets or tokens that may have been declared as top-level let or const bindings on affected pages
Patch Information
The maintainers fixed the lexical scope leak in ses version 1.12.0. Refer to the GitHub Security Advisory GHSA-h9w6-f932-gq62 for patch commit details and release notes published by the endojs project.
Workarounds
- Avoid top-level let, const, and class declarations in <script> tags on pages that use SES compartments
- Convert affected declarations to var, which binds to globalThis and is governed by the compartment's explicit global isolation
- Move sensitive bindings into an IIFE (Immediately Invoked Function Expression) so they are not reachable from the script-level lexical environment
# Upgrade ses to the patched version
npm install ses@^1.12.0
# Verify the installed version
npm ls ses
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
