{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-27425", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-02-24T20:03:31.187Z", "datePublished": "2025-03-04T13:31:28.658Z", "dateUpdated": "2026-04-13T14:29:06.595Z"}, "containers": {"cna": {"affected": [{"product": "Firefox for iOS", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "136", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136."}]}], "title": "QR code user confirmation bypass with invalid protocol", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941525"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-13/"}], "credits": [{"lang": "en", "value": "Abhinav Khanna"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:06.595Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T15:24:39.061601Z", "id": "CVE-2025-27425", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:26:15.286Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-27425", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T15:24:39.061601Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:25:46.282Z"}}], "cna": {"title": "QR code user confirmation bypass with invalid protocol", "credits": [{"lang": "en", "value": "Abhinav Khanna"}], "affected": [{"vendor": "Mozilla", "product": "Firefox for iOS", "versions": [{"status": "unaffected", "version": "136", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941525"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-13/"}], "descriptions": [{"lang": "en", "value": "Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.", "supportingMedia": [{"type": "text/html", "value": "Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:06.595Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27425", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:29:06.595Z", "dateReserved": "2025-02-24T20:03:31.187Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-03-04T13:31:28.658Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DB4CDD0-EC54-43D0-ACB2-F159ABA53D2C", "versionEndExcluding": "136.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136."}, {"lang": "es", "value": "Escanear ciertos c\u00f3digos QR que inclu\u00edan texto con la URL de un sitio web podr\u00eda permitir que la URL se abriera sin presentar primero al usuario una alerta de confirmaci\u00f3n. Esta vulnerabilidad afecta a Firefox para iOS < 136."}], "id": "CVE-2025-27425", "lastModified": "2026-04-13T15:16:55.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-04T14:15:39.493", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941525"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-13/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:38:45.828172+00:00", "value": {"mitigation_remediation": ["Upgrade to Firefox for iOS version 136 or newer", "Configure the browser to require explicit confirmation for any URL opened from a QR code", "Monitor for suspicious QR code usage and enforce strict scanning policies"], "summary": {"action": "Apply Patch", "impact": "Bypass of URL confirmation allows malicious site access"}, "threat_synthesis": {"affected_systems": "Vendors affected are Mozilla for the Firefox for iOS product. The fix was supplied in Firefox for iOS version 136, so all earlier releases are vulnerable. The issue manifests on iOS devices running the Firefox app.", "description_and_impact": "A user can scan a QR code that contains a website URL and the Firefox for iOS browser will open the link without presenting the usual confirmation alert. The flaw allows an attacker to deliver malicious content or phishing pages directly through a QR code, bypassing the user\u2019s guardrail. Based on the description, it is inferred that the attacker\u2019s primary vector is a crafted QR code presented to a victim who is using Firefox on iOS, resulting in the automatic opening of a potentially harmful website. The vulnerability involves a weakness in the browser\u2019s confirmation logic rather than a traditional authentication bypass.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a medium severity, and the EPSS score of less than 1% shows exploitation is considered low probability. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to supply a crafted QR code to a user who scans it using Firefox on iOS; no network\u2011level access or additional credentials are required to trigger the bypass."}}}}, "created": "2026-04-20T20:45:16.933164+00:00", "updated": "2026-04-20T20:45:16.933173+00:00", "vendors": []}