Cyber Resilience

CVE-2025-4082

Medium

Published: 29 April 2025

Published
29 April 2025
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0018 39.2th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-4082 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Mozilla Firefox. Its CVSS base score is 5.9 (Medium).

Operationally, ranked at the 39.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed…

more

in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mozilla
firefox
≤ 115.23 · ≤ 138.0 · 128.0 — 128.10
mozilla
thunderbird
≤ 128.10.0 · ≤ 138.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References