CVE-2025-3032
High
Published: 01 April 2025
Modified: 13 April 2026
KEV Added: —
Patch: —
CVSS Score v3.1: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0019 (41.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2025-3032 is a high-severity File Descriptor Leak (CWE-403) vulnerability in Mozilla Firefox. Its CVSS base score is 7.4 (High).
Operationally, it ranks at the 41.0th percentile by exploit likelihood (EPSS), which is below the median; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-9298
Vulnerability details
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
- CWE(s): CWE-403
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- mozilla firefox ≤ 137.0
- mozilla thunderbird ≤ 137.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.