Search for vulnerabilities
Vulnerability details: VCID-1zvj-cyx8-vyg4
Vulnerability ID VCID-1zvj-cyx8-vyg4
Aliases CVE-2025-5986
Summary A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5986.json
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-5986
cvssv3.1 6.5 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-49
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-50
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-49/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-49/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-50/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-50/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5986.json
https://api.first.org/data/v1/epss?cve=CVE-2025-5986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5986
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2372281 https://bugzilla.redhat.com/show_bug.cgi?id=2372281
buglist.cgi?bug_id=1958580%2C1968012 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
CVE-2025-5986 https://nvd.nist.gov/vuln/detail/CVE-2025-5986
mfsa2025-49 https://www.mozilla.org/en-US/security/advisories/mfsa2025-49
mfsa2025-49 https://www.mozilla.org/security/advisories/mfsa2025-49/
mfsa2025-50 https://www.mozilla.org/en-US/security/advisories/mfsa2025-50
mfsa2025-50 https://www.mozilla.org/security/advisories/mfsa2025-50/
RHSA-2025:10159 https://access.redhat.com/errata/RHSA-2025:10159
RHSA-2025:10160 https://access.redhat.com/errata/RHSA-2025:10160
RHSA-2025:10161 https://access.redhat.com/errata/RHSA-2025:10161
RHSA-2025:10163 https://access.redhat.com/errata/RHSA-2025:10163
RHSA-2025:10164 https://access.redhat.com/errata/RHSA-2025:10164
RHSA-2025:10165 https://access.redhat.com/errata/RHSA-2025:10165
RHSA-2025:10166 https://access.redhat.com/errata/RHSA-2025:10166
RHSA-2025:10195 https://access.redhat.com/errata/RHSA-2025:10195
RHSA-2025:10196 https://access.redhat.com/errata/RHSA-2025:10196
RHSA-2025:10246 https://access.redhat.com/errata/RHSA-2025:10246
USN-7663-1 https://usn.ubuntu.com/7663-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5986.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T13:20:09Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-49/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T13:20:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-49/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-50/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T13:20:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-50/
Exploit Prediction Scoring System (EPSS)
Percentile 0.18226
EPSS Score 0.00058
Published At Aug. 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:25.107570+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-49.yml 37.0.0