Cyber Resilience

CVE-2025-1931

High

Published: 04 March 2025

Published
04 March 2025
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0039 60.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1931 is a high-severity Use After Free (CWE-416) vulnerability in Mozilla Firefox. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 39.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1931 is a use-after-free vulnerability (CWE-416) affecting the content process side of WebTransport connections. It impacts Mozilla Firefox prior to version 136, Firefox ESR prior to 115.21 and 128.8, and Thunderbird prior to 136 and 128.8. The flaw received a CVSS 3.1 score of 7.5 reflecting network-accessible conditions that require no privileges or user interaction and result in high availability impact through a potentially exploitable crash.

An unauthenticated remote attacker can trigger the vulnerability by supplying malicious input to a WebTransport session, causing the affected process to crash and potentially allowing further exploitation of the freed memory.

Mozilla advisories MFSA2025-14 through MFSA2025-17 document the fixes and recommend that users upgrade to the patched releases of Firefox and Thunderbird to eliminate the flaw.

The associated EPSS score rose from a low baseline to a peak of 0.0111 before settling at 0.0039, indicating a measurable increase in exploitation interest after public disclosure.

EU & UK References

Vulnerability details

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

UAF in browser content process enables remote crash for DoS via application exploitation (T1499.004) and potentially client-side code execution (T1203) as foundation for further compromise.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-6759Same product: Mozilla Firefox
CVE-2026-6758Same product: Mozilla Firefox
CVE-2026-2787Same product: Mozilla Firefox
CVE-2026-2789Same product: Mozilla Firefox
CVE-2026-6746Same product: Mozilla Firefox
CVE-2026-2765Same product: Mozilla Firefox
CVE-2026-2767Same product: Mozilla Firefox
CVE-2026-6747Same product: Mozilla Firefox
CVE-2026-6754Same product: Mozilla Firefox
CVE-2026-0884Same product: Mozilla Firefox

Affected Assets

mozilla
firefox
≤ 115.21.0 · ≤ 136.0 · 116.0 — 128.8.0
mozilla
thunderbird
≤ 128.8.0 · 129.0 — 136.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and patching of the use-after-free flaw in Firefox and Thunderbird WebTransport, directly mitigating the CVE through software updates to fixed versions.

prevent

Implements memory protections like ASLR, DEP, and stack guards that prevent exploitation of use-after-free vulnerabilities by blocking unauthorized code execution in corrupted memory.

prevent

Enforces process isolation for browser content processes, limiting the scope and impact of crashes or potential exploits from WebTransport connections.

References