{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6427", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-06-20T14:51:31.244Z", "datePublished": "2025-06-24T12:28:01.317Z", "dateUpdated": "2026-04-13T14:31:00.300Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "140", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140."}]}], "title": "connect-src Content Security Policy restriction could be bypassed", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966927"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}], "credits": [{"lang": "en", "value": "Alan Li (lebr0nli)"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:00.300Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-693", "lang": "en", "description": "CWE-693 Protection Mechanism Failure"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T14:20:57.559919Z", "id": "CVE-2025-6427", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T14:27:22.224Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-6427", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-25T14:20:57.559919Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T14:21:00.484Z"}}], "cna": {"title": "connect-src Content Security Policy restriction could be bypassed", "credits": [{"lang": "en", "value": "Alan Li (lebr0nli)"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "140", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "140", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966927"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}], "descriptions": [{"lang": "en", "value": "An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "supportingMedia": [{"type": "text/html", "value": "An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:31:00.300Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6427", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:31:00.300Z", "dateReserved": "2025-06-20T14:51:31.244Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-06-24T12:28:01.317Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "77D2BF2A-26A3-4664-93B5-B41BCF17AC9E", "versionEndExcluding": "140.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140."}, {"lang": "es", "value": "Un atacante logr\u00f3 eludir la directiva `connect-src` de una Pol\u00edtica de Seguridad de Contenido manipulando subdocumentos. Esto tambi\u00e9n habr\u00eda ocultado las conexiones de la pesta\u00f1a Red en DevTools. Esta vulnerabilidad afecta a Firefox anterior a la versi\u00f3n 140."}], "id": "CVE-2025-6427", "lastModified": "2026-04-13T15:17:06.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-24T13:15:23.650", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966927"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: connect-src Content Security Policy restriction could be bypassed", "id": "2374565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374565"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "details": ["An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to bypass the <code>connect-src</code> directive of a Content Security Policy by manipulating subdocuments. This also hides the connections from the Network tab in Devtools."], "name": "CVE-2025-6427", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-24T12:28:01Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6427\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6427\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1966927\nhttps://www.mozilla.org/security/advisories/mfsa2025-51/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T16:59:04.056854+00:00", "value": {"mitigation_remediation": ["Upgrade Mozilla Firefox to version\u202f140 or newer.", "Upgrade Mozilla Thunderbird to version\u202f140 or newer.", "If upgrading immediately is not feasible, review and tighten the application\u2019s Content Security Policy to limit connect-src to only trusted origins and monitor network traffic for unexpected outbound connections."], "summary": {"action": "Immediate Patch", "impact": "CSP Bypass"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Mozilla Thunderbird versions prior to 140 are affected. The fix is implemented in Firefox\u202f140 and Thunderbird\u202f140, so any installation older than those releases is vulnerable.", "description_and_impact": "An attacker can manipulate subdocuments to bypass the connect-src directive of a Content Security Policy. This bypass allows the attacker to initiate arbitrary network connections from the affected application, potentially exfiltrating data or communicating with malicious servers without the browser\u2019s usual enforcement. The vulnerability also conceals these connections from the Network tab in DevTools, making detection harder. The weakness is characterized by CWE\u2011693, which deals with compromised control flow integrity or validation concerns.", "risk_and_exploitability": "The CVSS score of 9.1 indicates very high severity. The EPSS score of less than 1\u202f% suggests that, as of now, exploitation is unlikely, and the vulnerability is not listed in CISA\u2019s KEV catalog. However, once exploitation becomes possible, the lack of browser-enforced protection could enable malicious scripts to connect to arbitrary domains, potentially compromising confidentiality and integrity of data transmitted by the affected products."}}}}, "created": "2025-07-06T22:16:27.591286+00:00", "updated": "2026-04-20T17:00:12.761643+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}