Vulnerability Details
Basic Information
| Title | CVE-2025-4088 |
|---|---|
| Type | cve |
| Published | 2025-04-29T14:15:35 |
| Last Seen | 2025-04-29T16:48:28 |
| CVSS Score | 6.5 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
CVE Information
| CVE IDs | CVE-2025-4088 |
|---|---|
| CWE | CWE-352 |
| Bulletin Family | cve |
Description
A security vulnerability in Firefox allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Impact Assessment
| Base Score | 6.5 |
|---|---|
| Severity | MEDIUM |