CVE-2025-4086

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 29, 2025
Updated: May 9, 2025
CWE ID 451

Summary

CVE-2025-4086 affects Thunderbird for Android. A crafted file name containing an excessive number of encoded newline characters can conceal the file extension in the download dialog. This deception could lead users to open files with incorrect or hidden extensions. Only Thunderbird for Android versions prior to 138 are vulnerable; other Thunderbird and Firefox versions, including Firefox 138, are unaffected.
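A defender-side check for the pattern described above, added here as an example; it is not Mozilla's fix and not code from this page. It percent-decodes a file name, counts the line breaks it contains, and builds a single-line label that keeps the real extension visible. The function names, the 40-character limit and the sample name are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Characters a UI may render as a line break (assumed list, not from the advisory).
_LINE_BREAKS = "\n\r\x0b\x0c\x85\u2028\u2029"

# Constructed sample: a benign-looking name, many encoded newlines, then the real extension.
CRAFTED = "invoice.pdf" + "%0A" * 60 + ".apk"


def decode_name(raw: str, rounds: int = 3) -> str:
    """Percent-decode a bounded number of times so double encoding (%250A) is seen."""
    name = raw
    for _ in range(rounds):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name


def newline_count(raw: str) -> int:
    """Line-break characters in the decoded name; 0 for an ordinary file name."""
    name = decode_name(raw)
    return sum(name.count(ch) for ch in _LINE_BREAKS)


def display_name(raw: str, max_len: int = 40) -> str:
    """Single-line label for a dialog; the true extension always stays at the end."""
    name = decode_name(raw)
    # Control/format characters (C*) and line/paragraph separators become a space.
    name = "".join(
        " " if unicodedata.category(ch)[0] == "C"
        or unicodedata.category(ch) in ("Zl", "Zp") else ch
        for ch in name
    )
    name = re.sub(r"\s+", " ", name).strip()
    if len(name) <= max_len:
        return name
    # Too long: cut the middle, never the tail that carries the extension.
    dot = name.rfind(".")
    tail = name[dot:] if dot > 0 and len(name) - dot <= 12 else name[-8:]
    return name[: max_len - len(tail) - 3] + "..." + tail
```

A nonzero `newline_count` is a reasonable signal to log or reject the name, since legitimate file names do not contain line breaks.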

Affected Products

  • Mozilla Firefox
  • Mozilla Thunderbird

Affected Vendors

  • Mozilla