CVE-2025-8043
Published: 22 July 2025
Summary
CVE-2025-8043 is a critical-severity User Interface (UI) Misrepresentation of Critical Information (CWE-451) vulnerability in Mozilla Firefox. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002). The CVE ranks in the top 37.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-8043 is a vulnerability in Firefox where Focus incorrectly truncated URLs towards the beginning instead of around the origin, leading to potential user interface misrepresentation of critical information (CWE-451). This issue affects Firefox users prior to version 141 and carries a critical CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-07-22T21:15:51.263.
Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction. Exploitation enables high-impact consequences across confidentiality, integrity, and availability, such as misleading users about the true destination or nature of URLs through improper truncation.
Mozilla addressed this vulnerability with a fix in Firefox 141. Additional details are available in the Mozilla Foundation Security Advisory (MFSA 2025-56) at https://www.mozilla.org/security/advisories/mfsa2025-56/ and the corresponding Bugzilla entry at https://bugzilla.mozilla.org/show_bug.cgi?id=1970209.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22358
Vulnerability details
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The URL truncation flaw enables crafted malicious links to appear legitimate, directly facilitating spearphishing links and user execution via deceptive URLs.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly remediates the Firefox Focus URL truncation flaw by requiring timely identification, reporting, and patching to version 141 or later.
Scans organizational systems for vulnerable Firefox versions affected by CVE-2025-8043 to identify and prioritize remediation.
Ensures monitoring of Mozilla security advisories like MFSA 2025-56 to receive alerts on the URL truncation vulnerability and deploy patches promptly.