Cyber Resilience

CVE-2025-11720

High

Published: 14 October 2025

Published
14 October 2025
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score 0.0005 14.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-11720 is a high-severity User Interface (UI) Misrepresentation of Critical Information (CWE-451) vulnerability in Mozilla Firefox. Its CVSS base score is 8.1 (High).

Operationally, ranked at the 14.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a…

more

user into thinking it was content from a different subdomain of that site. This vulnerability was fixed in Firefox 144.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mozilla
firefox
≤ 144.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References