CVE-2025-3029

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published: Apr 1, 2025
Updated: Apr 7, 2025
CWE ID: 290

Summary

CVE-2025-3029 is a vulnerability in which a maliciously crafted URL can hide its true origin through the use of specific Unicode characters, which can lead to spoofing attacks. It affects older versions of Firefox (below 137 and ESR below 128.9) and Thunderbird (below 137 and below 128.9). The vulnerability arises from the way these applications handle Unicode characters in URLs. Users who have not yet updated are at risk from these attacks, so keeping the software up to date is the protection against this issue.
