CVE-2025-10530

6.5 MEDIUM

📋 TL;DR

A spoofing vulnerability in Firefox for Android's WebAuthn component allows attackers to bypass authentication by presenting fake credentials. This affects Firefox for Android versions below 143 and Thunderbird versions below 143.

💻 Affected Systems

Products:
  • Firefox for Android
  • Thunderbird
Versions: Firefox for Android < 143, Thunderbird < 143
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WebAuthn authentication flows. Desktop Firefox and other browsers are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could impersonate legitimate users to access sensitive accounts protected by WebAuthn authentication, potentially leading to data theft or unauthorized actions.

🟠 Likely Case

Targeted attacks against specific users to bypass multi-factor authentication on websites using WebAuthn, particularly on Android devices.

🟢 If Mitigated

Limited impact if organizations use additional authentication factors beyond WebAuthn or restrict vulnerable browser versions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction and targeting of specific authentication flows. No public exploits available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox for Android 143, Thunderbird 143

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-73/

Restart Required: No

Instructions:

Firefox for Android:

1. Open the app store on the Android device.
2. Check for updates.
3. Install Firefox 143 or later.

Thunderbird:

1. Open Thunderbird.
2. Go to Help > About Thunderbird.
3. Install available updates to version 143 or later.

🔧 Temporary Workarounds

Disable WebAuthn

Platform: Android

Temporarily disable WebAuthn authentication in browser settings:

about:config > security.webauth.webauthn = false

🧯 If You Can't Patch

  • Use an unaffected browser for WebAuthn authentication until Firefox for Android can be updated
  • Require additional authentication factors beyond WebAuthn for sensitive accounts

🔍 How to Verify

Check if Vulnerable:

Check the Firefox for Android version in app settings > About Firefox. If the version is below 143, the installation is vulnerable.

Check Version:

about:version in Firefox address bar

Verify Fix Applied:

Confirm Firefox for Android version is 143 or higher in app settings > About Firefox.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed WebAuthn authentication attempts followed by successful authentication from same source
  • Unusual WebAuthn credential registrations

Network Indicators:

  • Suspicious WebAuthn authentication requests to protected resources

SIEM Query:

source="firefox_android" AND event_type="webauthn_auth" AND result="success" AND user_agent contains "Firefox/14[0-2]"
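The log indicators above can be checked offline without a SIEM. The following added example (not part of the advisory, and not Mozilla's code) runs the "repeated failures followed by a success from the same source" rule over constructed WebAuthn auth events and only flags sources whose user agent is a pre-143 Firefox for Android build; the event field names (`ts`, `src`, `user`, `result`, `ua`) are assumptions about the log format.

```python
import re
from collections import defaultdict

# Constructed sample events; the field layout is an assumption, not a real log schema.
SAMPLE_EVENTS = [
    # alice: three failures then a success from an unpatched Firefox for Android
    {"ts": 1, "src": "198.51.100.7", "user": "alice", "result": "failure",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:141.0) Gecko/141.0 Firefox/141.0"},
    {"ts": 2, "src": "198.51.100.7", "user": "alice", "result": "failure",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:141.0) Gecko/141.0 Firefox/141.0"},
    {"ts": 3, "src": "198.51.100.7", "user": "alice", "result": "failure",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:141.0) Gecko/141.0 Firefox/141.0"},
    {"ts": 4, "src": "198.51.100.7", "user": "alice", "result": "success",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:141.0) Gecko/141.0 Firefox/141.0"},
    # bob: same pattern but on the fixed release, so not flagged by this rule
    {"ts": 5, "src": "203.0.113.9", "user": "bob", "result": "failure",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:143.0) Gecko/143.0 Firefox/143.0"},
    {"ts": 6, "src": "203.0.113.9", "user": "bob", "result": "failure",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:143.0) Gecko/143.0 Firefox/143.0"},
    {"ts": 7, "src": "203.0.113.9", "user": "bob", "result": "failure",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:143.0) Gecko/143.0 Firefox/143.0"},
    {"ts": 8, "src": "203.0.113.9", "user": "bob", "result": "success",
     "ua": "Mozilla/5.0 (Android 14; Mobile; rv:143.0) Gecko/143.0 Firefox/143.0"},
    # carol: a single typo-style failure then success, below the threshold
    {"ts": 9, "src": "192.0.2.44", "user": "carol", "result": "failure",
     "ua": "Mozilla/5.0 (Android 13; Mobile; rv:140.0) Gecko/140.0 Firefox/140.0"},
    {"ts": 10, "src": "192.0.2.44", "user": "carol", "result": "success",
     "ua": "Mozilla/5.0 (Android 13; Mobile; rv:140.0) Gecko/140.0 Firefox/140.0"},
]

FIXED_VERSION = 143          # first Firefox for Android release with the fix
FAILURE_THRESHOLD = 3        # failures before a success that count as suspicious
UA_VERSION_RE = re.compile(r"Firefox/(\d+)")

def is_vulnerable_ua(ua: str) -> bool:
    """True for Firefox for Android builds below 143; desktop Firefox is out of scope."""
    m = UA_VERSION_RE.search(ua)
    return "Android" in ua and m is not None and int(m.group(1)) < FIXED_VERSION

def find_suspicious(events, threshold=FAILURE_THRESHOLD):
    """Return (src, user) pairs with >= threshold failures immediately before a success
    from a vulnerable Firefox for Android user agent, in chronological order."""
    streak = defaultdict(int)
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["src"], e["user"])
        if e["result"] == "failure":
            streak[key] += 1
        elif e["result"] == "success":
            if streak[key] >= threshold and is_vulnerable_ua(e["ua"]):
                hits.append(key)
            streak[key] = 0      # a success ends the failure run either way
    return hits
```

Treat a hit as a triage lead, not proof of exploitation: users who mistype a PIN repeatedly on an old build will match too, so pair it with the unusual-registration indicator above.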
