EUVD-2025-19101

CVE-2025-6425 MEDIUM
2025-06-24 [email protected]
CVSS 3.1: 4.3

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), Patch available
Analysis Generated: Mar 15, 2026 - 22:36 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 22:36 (euvd), EUVD-2025-19101
CVE Published: Jun 24, 2025 - 13:15 (nvd), MEDIUM 4.3

Description

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

Technical Context

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).

Affected Products

Affected products: Mozilla Firefox

Remediation

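Update to a release outside the affected ranges listed in the description: Firefox 140, Firefox ESR 115.25 or 128.12, Thunderbird 140 or 128.12, or later. Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.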

Priority Score

22
KEV: 0
EPSS: +0.1
CVSS: +22
POC: 0

Vendor Status

Ubuntu

Priority: Medium
firefox

| Release | Status | Version |
|---|---|---|
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
| plucky | not-affected | code not present |
| upstream | needs-triage | - |
| questing | not-affected | code not present |

thunderbird

| Release | Status | Version |
|---|---|---|
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
| plucky | not-affected | code not present |
| upstream | released | 128.12 |
| jammy | released | 1:128.12.0+build1-0ubuntu0.22.04.1 |
| questing | not-affected | code not present |

mozjs38

| Release | Status | Version |
|---|---|---|
| bionic | needs-triage | - |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |

mozjs52

| Release | Status | Version |
|---|---|---|
| bionic | ignored | - |
| focal | ignored | - |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |

mozjs68

| Release | Status | Version |
|---|---|---|
| focal | ignored | - |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |

mozjs78

| Release | Status | Version |
|---|---|---|
| jammy | ignored | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |

mozjs91

| Release | Status | Version |
|---|---|---|
| jammy | ignored | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |

mozjs102

| Release | Status | Version |
|---|---|---|
| jammy | ignored | - |
| noble | ignored | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |

mozjs115

| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| noble | ignored | - |
| oracular | ignored | - |
| plucky | ignored | - |
| upstream | needs-triage | - |
| questing | DNE | - |

Debian

firefox

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| sid | fixed | 148.0.2-1 | - |
| (unstable) | fixed | 140.0-1 | - |

firefox-esr

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 128.12.0esr-1~deb11u1 | - |
| bullseye (security) | fixed | 140.8.0esr-1~deb11u1 | - |
| bookworm | fixed | 128.12.0esr-1~deb12u1 | - |
| bookworm (security) | fixed | 140.8.0esr-1~deb12u1 | - |
| trixie (security), trixie | fixed | 140.8.0esr-1~deb13u1 | - |
| forky, sid | fixed | 140.8.0esr-1 | - |
| (unstable) | fixed | 128.12.0esr-1 | - |

thunderbird

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1:128.12.0esr-1~deb11u1 | - |
| bullseye (security) | fixed | 1:140.8.0esr-1~deb11u1 | - |
| bookworm | fixed | 1:128.12.0esr-1~deb12u1 | - |
| bookworm (security) | fixed | 1:140.8.0esr-1~deb12u1 | - |
| trixie (security), trixie | fixed | 1:140.8.0esr-1~deb13u1 | - |
| forky, sid | fixed | 1:140.8.0esr-1 | - |
| (unstable) | fixed | 1:128.12.0esr-1 | - |
