VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-1q61-xygj-z3c1

Essentials
Severities (37)
References (41)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-1q61-xygj-z3c1
Aliases	CVE-2025-6425
Summary	An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6425.json
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2025-6425
cvssv3.1	4.3	https://bugzilla.mozilla.org/show_bug.cgi?id=1717672
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1717672
cvssv3.1	5.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-51
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-52
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-53
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-54
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2025-55
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2025-51/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-51/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2025-52/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-52/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2025-53/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-53/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2025-54/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-54/
cvssv3.1	4.3	https://www.mozilla.org/security/advisories/mfsa2025-55/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-55/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6425.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-6425
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6425
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2374562		https://bugzilla.redhat.com/show_bug.cgi?id=2374562
cpe:2.3:a:mozilla:firefox:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::-:::*
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
CVE-2025-6425		https://nvd.nist.gov/vuln/detail/CVE-2025-6425
mfsa2025-51		https://www.mozilla.org/en-US/security/advisories/mfsa2025-51
mfsa2025-51		https://www.mozilla.org/security/advisories/mfsa2025-51/
mfsa2025-52		https://www.mozilla.org/en-US/security/advisories/mfsa2025-52
mfsa2025-52		https://www.mozilla.org/security/advisories/mfsa2025-52/
mfsa2025-53		https://www.mozilla.org/en-US/security/advisories/mfsa2025-53
mfsa2025-53		https://www.mozilla.org/security/advisories/mfsa2025-53/
mfsa2025-54		https://www.mozilla.org/en-US/security/advisories/mfsa2025-54
mfsa2025-54		https://www.mozilla.org/security/advisories/mfsa2025-54/
mfsa2025-55		https://www.mozilla.org/en-US/security/advisories/mfsa2025-55
mfsa2025-55		https://www.mozilla.org/security/advisories/mfsa2025-55/
RHSA-2025:10072		https://access.redhat.com/errata/RHSA-2025:10072
RHSA-2025:10073		https://access.redhat.com/errata/RHSA-2025:10073
RHSA-2025:10074		https://access.redhat.com/errata/RHSA-2025:10074
RHSA-2025:10159		https://access.redhat.com/errata/RHSA-2025:10159
RHSA-2025:10160		https://access.redhat.com/errata/RHSA-2025:10160
RHSA-2025:10161		https://access.redhat.com/errata/RHSA-2025:10161
RHSA-2025:10163		https://access.redhat.com/errata/RHSA-2025:10163
RHSA-2025:10164		https://access.redhat.com/errata/RHSA-2025:10164
RHSA-2025:10165		https://access.redhat.com/errata/RHSA-2025:10165
RHSA-2025:10166		https://access.redhat.com/errata/RHSA-2025:10166
RHSA-2025:10181		https://access.redhat.com/errata/RHSA-2025:10181
RHSA-2025:10182		https://access.redhat.com/errata/RHSA-2025:10182
RHSA-2025:10183		https://access.redhat.com/errata/RHSA-2025:10183
RHSA-2025:10184		https://access.redhat.com/errata/RHSA-2025:10184
RHSA-2025:10185		https://access.redhat.com/errata/RHSA-2025:10185
RHSA-2025:10186		https://access.redhat.com/errata/RHSA-2025:10186
RHSA-2025:10187		https://access.redhat.com/errata/RHSA-2025:10187
RHSA-2025:10188		https://access.redhat.com/errata/RHSA-2025:10188
RHSA-2025:10195		https://access.redhat.com/errata/RHSA-2025:10195
RHSA-2025:10196		https://access.redhat.com/errata/RHSA-2025:10196
RHSA-2025:10246		https://access.redhat.com/errata/RHSA-2025:10246
show_bug.cgi?id=1717672		https://bugzilla.mozilla.org/show_bug.cgi?id=1717672
USN-7663-1		https://usn.ubuntu.com/7663-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6425.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1717672

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1717672

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-51/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-51/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-52/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-52/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-53/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-53/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-54/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-54/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-55/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:21:41Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-55/

Exploit Prediction Scoring System (EPSS)

Percentile	0.21831
EPSS Score	0.0007
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:22.962416+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-55.yml	37.0.0