Cyber Resilience

CVE-2025-0244

Medium

Published: 07 January 2025

Published
07 January 2025
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0984 93.2th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0244 is a medium-severity Open Redirect (CWE-601) vulnerability in Mozilla Firefox. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked in the top 6.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-0244 is a vulnerability in Mozilla Firefox on Android operating systems, where redirecting to an invalid protocol scheme allows an attacker to spoof the address bar. This issue stems from CWE-601 (URL Redirection to Untrusted Site) and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with low confidentiality impact. Other operating systems are unaffected, and the vulnerability was addressed in Firefox version 134.

Remote attackers can exploit this vulnerability without authentication or user interaction by crafting a malicious redirect to an invalid protocol scheme, tricking users into believing they are visiting a different site than intended. Successful exploitation enables address bar spoofing, potentially facilitating phishing attacks by misleading users about the current webpage's origin and compromising confidentiality through deceptive navigation.

Mozilla's security advisory (MFSA 2025-01) and Bugzilla entry (ID 1929584) confirm the fix in Firefox 134, recommending users update to this version or later to mitigate the issue. No workarounds are specified in the provided references.

EU & UK References

Vulnerability details

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1566.002 Spearphishing Link Initial Access
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

Address bar spoofing via malicious redirect enables deceptive links for phishing and user execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-55031Same product: Mozilla Firefox
CVE-2026-2634Same product: Mozilla Firefox
CVE-2026-4684Same product: Mozilla Firefox
CVE-2026-4712Same product: Mozilla Firefox
CVE-2026-4698Same product: Mozilla Firefox
CVE-2026-4700Same product: Mozilla Firefox
CVE-2026-4693Same product: Mozilla Firefox
CVE-2026-24869Same product: Mozilla Firefox
CVE-2026-4701Same product: Mozilla Firefox
CVE-2025-1941Same product: Mozilla Firefox

Affected Assets

mozilla
firefox
≤ 134.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation requires applying patches like Firefox 134 to directly eliminate CVE-2025-0244 address bar spoofing via invalid protocol redirects.

detect

Vulnerability scanning identifies vulnerable Firefox versions on Android affected by CVE-2025-0244, enabling targeted remediation.

detect

Monitoring vendor security advisories such as MFSA 2025-01 provides awareness of CVE-2025-0244 and prompts patching of affected Firefox instances.

References