CVE-2025-55031

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-55031
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1979499 Issue Tracking Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1979804 Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-68/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-69/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*
History

21 Aug 2025, 18:38

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*
First Time Mozilla firefox
Mozilla firefox Focus
Mozilla
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1979499 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1979499 - Issue Tracking, Permissions Required
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1979804 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1979804 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2025-68/ - () https://www.mozilla.org/security/advisories/mfsa2025-68/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-69/ - () https://www.mozilla.org/security/advisories/mfsa2025-69/ - Vendor Advisory

20 Aug 2025, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-601

20 Aug 2025, 14:40

Type Values Removed Values Added
Summary
  • (es) Las páginas maliciosas podrían usar Firefox para iOS para transferir enlaces FIDO al sistema operativo y activar el transporte de claves de acceso híbridas. Un atacante dentro del alcance de Bluetooth podría haber usado esto para engañar al usuario y que usara su clave de acceso para iniciar sesión en la cuenta objetivo. Esta vulnerabilidad afecta a Firefox para iOS (versión anterior a la 142) y Focus (versión anterior a la 142).

19 Aug 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-19 21:15

Updated : 2025-08-21 18:38

NVD link : CVE-2025-55031

Mitre link : CVE-2025-55031

CVE.ORG link : CVE-2025-55031

JSON object : View

Products Affected

mozilla

  • firefox_focus
  • firefox
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')