CVE-2025-1931
Published: 04 March 2025
Summary
CVE-2025-1931 is a high-severity Use After Free (CWE-416) vulnerability in Mozilla Firefox. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 39.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-1931 is a use-after-free vulnerability (CWE-416) affecting the content process side of WebTransport connections. It impacts Mozilla Firefox prior to version 136, Firefox ESR prior to 115.21 and 128.8, and Thunderbird prior to 136 and 128.8. The flaw received a CVSS 3.1 score of 7.5 reflecting network-accessible conditions that require no privileges or user interaction and result in high availability impact through a potentially exploitable crash.
An unauthenticated remote attacker can trigger the vulnerability by supplying malicious input to a WebTransport session, causing the affected process to crash and potentially allowing further exploitation of the freed memory.
Mozilla advisories MFSA2025-14 through MFSA2025-17 document the fixes and recommend that users upgrade to the patched releases of Firefox and Thunderbird to eliminate the flaw.
The associated EPSS score rose from a low baseline to a peak of 0.0111 before settling at 0.0039, indicating a measurable increase in exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7436
Vulnerability details
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
UAF in browser content process enables remote crash for DoS via application exploitation (T1499.004) and potentially client-side code execution (T1203) as foundation for further compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and patching of the use-after-free flaw in Firefox and Thunderbird WebTransport, directly mitigating the CVE through software updates to fixed versions.
Implements memory protections like ASLR, DEP, and stack guards that prevent exploitation of use-after-free vulnerabilities by blocking unauthorized code execution in corrupted memory.
Enforces process isolation for browser content processes, limiting the scope and impact of crashes or potential exploits from WebTransport connections.