Cyber Resilience

CVE-2025-54143

Critical

Published: 19 August 2025

Published
19 August 2025
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 31.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-54143 is a critical-severity Protection Mechanism Failure (CWE-693) vulnerability in Mozilla Firefox. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105); ranked at the 31.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-54143 is a vulnerability in Firefox for iOS that enables sandboxed iframes on webpages to potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This protection mechanism failure, mapped to CWE-693, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-08-19.

The vulnerability can be exploited by a remote attacker with no privileges or user interaction required. By hosting a malicious webpage with a sandboxed iframe, the attacker can bypass the parent page's sandbox restrictions, potentially initiating unauthorized downloads to the victim's device and achieving high impacts on confidentiality, integrity, and availability.

Mozilla fixed this issue in Firefox for iOS version 141. Security advisories recommend updating to this version or later to mitigate the vulnerability. Additional details are available in the Mozilla Foundation Security Advisory MFSA 2025-60 at https://www.mozilla.org/security/advisories/mfsa2025-60/ and Bugzilla entry 1912671 at https://bugzilla.mozilla.org/show_bug.cgi?id=1912671.

EU & UK References

Vulnerability details

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
Why these techniques?

Sandbox bypass enables unauthorized downloads (T1105 Ingress Tool Transfer) from malicious web content and supports drive-by compromise (T1189) via browser exploitation without user interaction.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8962Same product: Mozilla Firefox
CVE-2026-6763Same product: Mozilla Firefox
CVE-2026-4723Same product: Mozilla Firefox
CVE-2026-4691Same product: Mozilla Firefox
CVE-2026-0877Same product: Mozilla Firefox
CVE-2026-3847Same product: Mozilla Firefox
CVE-2026-4711Same product: Mozilla Firefox
CVE-2026-4698Same product: Mozilla Firefox
CVE-2026-4700Same product: Mozilla Firefox
CVE-2026-24869Same product: Mozilla Firefox

Affected Assets

mozilla
firefox
≤ 141.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation requires applying the Firefox for iOS 141 patch that fixes the sandbox iframe download bypass in CVE-2025-54143.

detect

Vulnerability monitoring and scanning identifies systems with vulnerable Firefox for iOS versions affected by CVE-2025-54143.

preventdetect

Malicious code protection scans and blocks potentially harmful downloads initiated by the sandbox bypass in CVE-2025-54143.

References