CVE-2025-54145

{"id": "CVE-2025-54145", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-08-19T21:15:27.843", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946122", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS < 141."}, {"lang": "es", "value": "El esc\u00e1ner QR podr\u00eda permitir que se abran sitios web arbitrarios si un usuario fuera enga\u00f1ado para escanear un enlace malicioso que aprovechara el esquema de URL de texto abierto de Firefox. Esta vulnerabilidad afecta a Firefox para iOS &lt; 141."}], "lastModified": "2025-08-21T18:39:33.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "49B2D080-DBF5-4711-8563-B24D688F8B31", "versionEndExcluding": "141.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}