CVE-2025-6431

| EUVD-2025-19087 MEDIUM
2025-06-24 [email protected]
6.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-19087
CVE Published
Jun 24, 2025 - 13:15 nvd
MEDIUM 6.5

Tags

Mozilla Google Authentication Bypass Ubuntu Debian Firefox Android Redhat Suse

Description

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Analysis

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Technical Context

This vulnerability is classified as Improper Authorization (CWE-285).

Affected Products

Affected products: Mozilla Firefox

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

33
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0

Vendor Status

Ubuntu

Priority: Medium
firefox
Release Status Version
jammy not-affected code not present
noble not-affected code not present
oracular not-affected code not present
plucky not-affected code not present
upstream not-affected debian: Android-specific
questing not-affected code not present
thunderbird
Release Status Version
noble not-affected code not present
oracular not-affected code not present
plucky not-affected code not present
upstream needs-triage -
jammy not-affected code not present
questing not-affected code not present
mozjs38
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
mozjs52
Release Status Version
bionic ignored -
focal ignored -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
mozjs68
Release Status Version
focal ignored -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
mozjs78
Release Status Version
jammy ignored -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
mozjs91
Release Status Version
jammy ignored -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
mozjs102
Release Status Version
jammy ignored -
noble ignored -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
mozjs115
Release Status Version
jammy DNE -
noble ignored -
oracular ignored -
plucky ignored -
upstream needs-triage -
questing DNE -

Debian

firefox
Release Status Fixed Version Urgency
sid fixed 148.0.2-1 -
(unstable) not-affected - -

Share

CVE-2025-6431 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy