Incorrect Boundary Conditions in WebGPU Component of Firefox
CVE-2025-13025

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-13025?

A vulnerability has been identified in the WebGPU component of the Firefox browser, stemming from incorrect boundary conditions. This could potentially allow an attacker to exploit the error to execute unwanted actions or access sensitive information. Users running versions of Firefox prior to 145 are particularly at risk and are advised to update to the latest version to mitigate any possible threats. For more details on the issue, refer to the provided Mozilla advisories.

Affected Version(s)

Firefox < 145

Thunderbird < 145

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1994022

https://www.mozilla.org/security/advisories/mfsa2025-87/

https://www.mozilla.org/security/advisories/mfsa2025-90/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Nov 11, 2025

Credit

Oskar L

JSON