{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2830", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-03-26T18:56:39.784Z", "datePublished": "2025-04-15T15:06:13.895Z", "dateUpdated": "2026-04-13T14:28:29.507Z"}, "containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.9.2", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "137.0.2", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2."}]}], "title": "Information Disclosure of /tmp directory listing", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-26/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-27/"}], "credits": [{"lang": "en", "value": "Dario Wei\u00dfer"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:28:29.507Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T17:53:44.520084Z", "id": "CVE-2025-2830", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:10:39.280Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-2830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T17:53:44.520084Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:10:31.243Z"}}], "cna": {"title": "Information Disclosure of /tmp directory listing", "credits": [{"lang": "en", "value": "Dario Wei\u00dfer"}], "affected": [{"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.9.2", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "137.0.2", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-26/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-27/"}], "descriptions": [{"lang": "en", "value": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "supportingMedia": [{"type": "text/html", "value": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:28:29.507Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2830", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:28:29.507Z", "dateReserved": "2025-03-26T18:56:39.784Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-04-15T15:06:13.895Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11A3908-71D7-4967-8029-0D4DD57F384C", "versionEndExcluding": "128.9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "971D9339-D135-4B63-A4DA-E333080DA5E6", "versionEndExcluding": "137.0.2", "versionStartIncluding": "129.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2."}, {"lang": "es", "value": "Al manipular un nombre de archivo mal formado para un archivo adjunto en un mensaje multiparte, un atacante puede enga\u00f1ar a Thunderbird para que incluya la lista de directorio /tmp al reenviar o editar el mensaje como nuevo. Esta vulnerabilidad podr\u00eda permitir a los atacantes divulgar informaci\u00f3n confidencial del sistema de la v\u00edctima. Esta vulnerabilidad no se limita a Linux; tambi\u00e9n se ha observado un comportamiento similar en Windows. Esta vulnerabilidad afecta a Thunderbird (versi\u00f3n anterior a la 137.0.2) y a Thunderbird (versi\u00f3n anterior a la 128.9.2)."}], "id": "CVE-2025-2830", "lastModified": "2026-04-13T15:16:55.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-15T15:16:08.957", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:7507", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.10.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4649", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.9.2-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4389", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.9.2-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-04-30T00:00:00Z"}, {"advisory": "RHSA-2025:4654", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.9.2-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4654", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.9.2-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4654", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.9.2-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4665", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.9.2-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4665", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.9.2-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4665", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.9.2-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4617", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.9.2-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-07T00:00:00Z"}, {"advisory": "RHSA-2025:4229", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.9.2-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:7435", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.10.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4514", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.9.2-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4513", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.9.2-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4512", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.9.2-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-06T00:00:00Z"}], "bugzilla": {"description": "thunderbird: Information Disclosure of /tmp directory listing", "id": "2359789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359789"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2."], "name": "CVE-2025-2830", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-15T15:06:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-2830\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1956379\nhttps://www.mozilla.org/security/advisories/mfsa2025-26/\nhttps://www.mozilla.org/security/advisories/mfsa2025-27/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T18:14:05.759371+00:00", "value": {"mitigation_remediation": ["Update Thunderbird to version 137.0.2 or 128.9.2, the releases that contain the fix for the directory listing bug.", "If an immediate update is not possible, configure email security controls to block or quarantine messages that contain attachment filenames with relative or traversal sequences, and prohibit editing or forwarding of such messages within the client.", "Deploy anti\u2011malware and mailbox filtering solutions that validate attachment names before delivery to Thunderbird, ensuring that any file name containing path traversal components is removed or sanitized before it reaches the application."], "summary": {"action": "Update Client", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects Mozilla Thunderbird versions prior to 137.0.2 on Linux and 128.9.2 on Windows. The CPE list indicates that Red\u00a0Hat Enterprise Linux releases from 8 to 10 are affected because Thunderbird runs on those platforms, but the issue is inherent to the Thunderbird application and not to the OS itself.", "description_and_impact": "Thunderbird processes a multipart message containing an attachment with a carefully crafted filename that causes the client to output the /tmp directory listing when the message is forwarded or edited. This presents a clear information exposure flaw, allowing an attacker to read files that the victim can normally access. The underlying weaknesses are directory traversal and lack of validation of attachment names.", "risk_and_exploitability": "The CVSS score of 6.3 reveals a moderate severity, and the EPSS score of <1% signals a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, which further indicates that widespread exploitation is not documented. The most probable attack vector is a remote email sent to a victim that includes a malicious attachment; the victim then forwards or edits the message in Thunderbird, triggering the directory listing disclosure."}}}}, "created": "2026-04-20T18:15:13.622885+00:00", "updated": "2026-04-20T18:15:13.622896+00:00", "vendors": []}