CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1954033	Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-51/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-54/

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

History

14 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-24 13:15

Updated : 2025-07-14 19:15

NVD link : CVE-2025-6433

Mitre link : CVE-2025-6433

CVE.ORG link : CVE-2025-6433

JSON object : View

Products Affected

mozilla

firefox

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2025-6433", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-06-24T13:15:24.327", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954033", "tags": ["Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires \"a secure transport established without errors\". This vulnerability affects Firefox < 140 and Thunderbird < 140."}, {"lang": "es", "value": "Si un usuario visitaba una p\u00e1gina web con un certificado TLS no v\u00e1lido y conced\u00eda una excepci\u00f3n, la p\u00e1gina web pod\u00eda generar un desaf\u00edo de WebAuthN que el usuario deb\u00eda completar. Esto infringe la especificaci\u00f3n de WebAuthN, que exige \"un transporte seguro establecido sin errores\". Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 140."}], "lastModified": "2025-07-14T19:15:34.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "77D2BF2A-26A3-4664-93B5-B41BCF17AC9E", "versionEndExcluding": "140.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}