VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-12vf-f2r4-bqge

Essentials
Severities (53)
References (35)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-12vf-f2r4-bqge
Aliases	CVE-2025-4093
Summary	Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2025-4093
cvssv3.1	6.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1894100
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1894100
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2025-29/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-29/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2025-32/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-32/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-4093
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2362915		https://bugzilla.redhat.com/show_bug.cgi?id=2362915
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
cpe:2.3:a:mozilla:thunderbird:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:::::esr:::*
CVE-2025-4093		https://nvd.nist.gov/vuln/detail/CVE-2025-4093
mfsa2025-29		https://www.mozilla.org/en-US/security/advisories/mfsa2025-29
mfsa2025-29		https://www.mozilla.org/security/advisories/mfsa2025-29/
mfsa2025-32		https://www.mozilla.org/en-US/security/advisories/mfsa2025-32
mfsa2025-32		https://www.mozilla.org/security/advisories/mfsa2025-32/
RHSA-2025:4443		https://access.redhat.com/errata/RHSA-2025:4443
RHSA-2025:4458		https://access.redhat.com/errata/RHSA-2025:4458
RHSA-2025:4460		https://access.redhat.com/errata/RHSA-2025:4460
RHSA-2025:4751		https://access.redhat.com/errata/RHSA-2025:4751
RHSA-2025:4752		https://access.redhat.com/errata/RHSA-2025:4752
RHSA-2025:4753		https://access.redhat.com/errata/RHSA-2025:4753
RHSA-2025:4756		https://access.redhat.com/errata/RHSA-2025:4756
RHSA-2025:4797		https://access.redhat.com/errata/RHSA-2025:4797
RHSA-2025:7428		https://access.redhat.com/errata/RHSA-2025:7428
RHSA-2025:7506		https://access.redhat.com/errata/RHSA-2025:7506
RHSA-2025:7507		https://access.redhat.com/errata/RHSA-2025:7507
RHSA-2025:7543		https://access.redhat.com/errata/RHSA-2025:7543
RHSA-2025:7544		https://access.redhat.com/errata/RHSA-2025:7544
RHSA-2025:7545		https://access.redhat.com/errata/RHSA-2025:7545
RHSA-2025:7547		https://access.redhat.com/errata/RHSA-2025:7547
RHSA-2025:7689		https://access.redhat.com/errata/RHSA-2025:7689
RHSA-2025:7690		https://access.redhat.com/errata/RHSA-2025:7690
RHSA-2025:7691		https://access.redhat.com/errata/RHSA-2025:7691
RHSA-2025:7692		https://access.redhat.com/errata/RHSA-2025:7692
RHSA-2025:7693		https://access.redhat.com/errata/RHSA-2025:7693
RHSA-2025:7694		https://access.redhat.com/errata/RHSA-2025:7694
RHSA-2025:7695		https://access.redhat.com/errata/RHSA-2025:7695
show_bug.cgi?id=1894100		https://bugzilla.mozilla.org/show_bug.cgi?id=1894100

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1894100

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1894100

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-29/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-29/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-32/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-32/

Exploit Prediction Scoring System (EPSS)

Percentile	0.05901
EPSS Score	0.00027
Published At	April 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-04-29T17:00:33.003404+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/4xxx/CVE-2025-4093.json	36.0.0