CVE-2025-54143CRITICAL 9.8EPSS p35.6%

CVE-2025-54143CVE-2025-54143

Description

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.45% probability of exploitation · percentile 35.6% · 2026-06-18T12:00:27Z
Published2025-08-19
Last modified2026-04-13

Underlying weaknesses· 1

CWE-693

References

  1. https://bugzilla.mozilla.org/show_bug.cgi?id=1912671
  2. https://www.mozilla.org/security/advisories/mfsa2025-60/

1

TypeTargetConfidenceTier
WeaknessProtection Mechanism Failurecwe-6930%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-8042
CVE
CVE-2025-54145
CVE
CVE-2026-11202
CVE
CVE-2026-11214
CVE
CVE-2025-14322
CVE
CVE-2025-43480
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.