Search for vulnerabilities
Vulnerability details: VCID-bxes-dw64-juaw
Vulnerability ID VCID-bxes-dw64-juaw
Aliases CVE-2025-5269
Summary Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5269.json
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2025-5269
cvssv3.1 6.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1924108
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1924108
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-44
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2025-46
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-44/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-44/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2025-46/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-46/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5269.json
https://api.first.org/data/v1/epss?cve=CVE-2025-5269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5269
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2368757 https://bugzilla.redhat.com/show_bug.cgi?id=2368757
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2025-5269 https://nvd.nist.gov/vuln/detail/CVE-2025-5269
mfsa2025-44 https://www.mozilla.org/en-US/security/advisories/mfsa2025-44
mfsa2025-44 https://www.mozilla.org/security/advisories/mfsa2025-44/
mfsa2025-46 https://www.mozilla.org/en-US/security/advisories/mfsa2025-46
mfsa2025-46 https://www.mozilla.org/security/advisories/mfsa2025-46/
RHSA-2025:8293 https://access.redhat.com/errata/RHSA-2025:8293
RHSA-2025:8308 https://access.redhat.com/errata/RHSA-2025:8308
RHSA-2025:8341 https://access.redhat.com/errata/RHSA-2025:8341
RHSA-2025:8598 https://access.redhat.com/errata/RHSA-2025:8598
RHSA-2025:8599 https://access.redhat.com/errata/RHSA-2025:8599
RHSA-2025:8607 https://access.redhat.com/errata/RHSA-2025:8607
RHSA-2025:8608 https://access.redhat.com/errata/RHSA-2025:8608
RHSA-2025:8628 https://access.redhat.com/errata/RHSA-2025:8628
RHSA-2025:8629 https://access.redhat.com/errata/RHSA-2025:8629
RHSA-2025:8630 https://access.redhat.com/errata/RHSA-2025:8630
RHSA-2025:8631 https://access.redhat.com/errata/RHSA-2025:8631
RHSA-2025:8642 https://access.redhat.com/errata/RHSA-2025:8642
RHSA-2025:8756 https://access.redhat.com/errata/RHSA-2025:8756
RHSA-2025:9071 https://access.redhat.com/errata/RHSA-2025:9071
RHSA-2025:9072 https://access.redhat.com/errata/RHSA-2025:9072
RHSA-2025:9073 https://access.redhat.com/errata/RHSA-2025:9073
RHSA-2025:9074 https://access.redhat.com/errata/RHSA-2025:9074
RHSA-2025:9075 https://access.redhat.com/errata/RHSA-2025:9075
RHSA-2025:9076 https://access.redhat.com/errata/RHSA-2025:9076
RHSA-2025:9077 https://access.redhat.com/errata/RHSA-2025:9077
RHSA-2025:9155 https://access.redhat.com/errata/RHSA-2025:9155
show_bug.cgi?id=1924108 https://bugzilla.mozilla.org/show_bug.cgi?id=1924108
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5269.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1924108
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T17:41:18Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1924108
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-44/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T17:41:18Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-44/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2025-46/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T17:41:18Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-46/
Exploit Prediction Scoring System (EPSS)
Percentile 0.06009
EPSS Score 0.00028
Published At May 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-05-27T20:08:35.291873+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-44.yml 36.0.0