CVE-2025-8028CRITICAL 9.8EPSS p35.8%

CVE-2025-8028CVE-2025-8028

Description

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.45% probability of exploitation · percentile 35.8% · 2026-06-19T12:03:05Z
Published2025-07-22
Last modified2026-04-13

Underlying weaknesses· 1

CWE-1332

References

  1. https://bugzilla.mozilla.org/show_bug.cgi?id=1971581
  2. https://www.mozilla.org/security/advisories/mfsa2025-56/
  3. https://www.mozilla.org/security/advisories/mfsa2025-57/
  4. https://www.mozilla.org/security/advisories/mfsa2025-58/
  5. https://www.mozilla.org/security/advisories/mfsa2025-59/
  6. https://www.mozilla.org/security/advisories/mfsa2025-61/
  7. https://www.mozilla.org/security/advisories/mfsa2025-62/
  8. https://www.mozilla.org/security/advisories/mfsa2025-63/

1

TypeTargetConfidenceTier
WeaknessImproper Handling of Faults that Lead to Instruction Skipscwe-13320%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-1011
CVE
CVE-2025-8034
CVE
CVE-2025-8044
CVE
CVE-2025-8035
CVE
CVE-2025-8040
CVE
CVE-2025-4091
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.