What is the CVSS score of CVE-2025-13019?

CVE-2025-13019 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Cors Misconfiguration are affected by CVE-2025-13019?

CVE-2025-13019 presents notable security risk rated CVSS 8.1. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.. A patch is available.

How to fix or mitigate CVE-2025-13019?

Within 30 days: Identify all affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Cors Misconfiguration CVE-2025-13019

HIGH

Permissive Cross-domain Security Policy with Untrusted Domains (CWE-942)

2025-11-11 security@mozilla.org

Authentication Bypass Mozilla Cors Misconfiguration

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Apr 05, 2026 - 02:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 19:21 vuln.today

CVE Published

Nov 11, 2025 - 16:15 nvd

HIGH 8.1

DescriptionNVD

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

AnalysisAI

Same-origin policy bypass in the DOM: Workers component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-942. Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. Affected products include: Mozilla Firefox.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

Vendor StatusVendor

CVE-2025-13019 vulnerability details – vuln.today

Back