CVE-2025-8032 · HIGH 8.1 · EPSS p20.7%


Description

XSLT document loading did not correctly propagate the source document, which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.29% probability of exploitation · percentile 20.7% · 2026-06-19T12:03:05Z
Published: 2025-07-22
Last modified: 2026-04-13

Underlying weaknesses · 1

CWE-693

References

  1. https://bugzilla.mozilla.org/show_bug.cgi?id=1974407
  2. https://www.mozilla.org/security/advisories/mfsa2025-56/
  3. https://www.mozilla.org/security/advisories/mfsa2025-58/
  4. https://www.mozilla.org/security/advisories/mfsa2025-59/
  5. https://www.mozilla.org/security/advisories/mfsa2025-61/
  6. https://www.mozilla.org/security/advisories/mfsa2025-62/
  7. https://www.mozilla.org/security/advisories/mfsa2025-63/
  8. https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html

Type | Target | Confidence | Tier
Weakness | Protection Mechanism Failure (cwe-693) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-13018
  2. CVE-2025-1932
  3. CVE-2025-1009
  4. CVE-2026-2775
  5. CVE-2026-2784
  6. CVE-2026-8962

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.