{"api_version":"1","generated_at":"2026-04-26T04:24:17+00:00","cve":"CVE-2025-6433","urls":{"html":"https://cve.report/CVE-2025-6433","api":"https://cve.report/api/cve/CVE-2025-6433.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-6433","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-6433"},"summary":{"title":"WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate","description":"If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete.  This is in violation of the WebAuthN spec which requires \"a secure transport established without errors\". This vulnerability was fixed in Firefox 140 and Thunderbird 140.","state":"PUBLISHED","assigner":"mozilla","published_at":"2025-06-24 13:15:24","updated_at":"2026-04-13 15:17:07"},"problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2025-51/","name":"https://www.mozilla.org/security/advisories/mfsa2025-51/","refsource":"security@mozilla.org","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-54/","name":"https://www.mozilla.org/security/advisories/mfsa2025-54/","refsource":"security@mozilla.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1954033","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1954033","refsource":"security@mozilla.org","tags":["Permissions Required"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-6433","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6433","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Mozilla","product":"Firefox","version":"unaffected 140 * rpm","platforms":[]},{"source":"CNA","vendor":"Mozilla","product":"Thunderbird","version":"unaffected 140 * rpm","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Simon","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"6433","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"6433","cve":"CVE-2025-6433","epss":"0.000630000","percentile":"0.195630000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:56"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-6433","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-06-25T12:31:56.389041Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-06-25T12:41:50.340Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Firefox","vendor":"Mozilla","versions":[{"lessThanOrEqual":"*","status":"unaffected","version":"140","versionType":"rpm"}]},{"product":"Thunderbird","vendor":"Mozilla","versions":[{"lessThanOrEqual":"*","status":"unaffected","version":"140","versionType":"rpm"}]}],"credits":[{"lang":"en","value":"Simon"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete.  This is in violation of the WebAuthN spec which requires \"a secure transport established without errors\". This vulnerability was fixed in Firefox 140 and Thunderbird 140."}],"value":"If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete.  This is in violation of the WebAuthN spec which requires \"a secure transport established without errors\". This vulnerability was fixed in Firefox 140 and Thunderbird 140."}],"providerMetadata":{"dateUpdated":"2026-04-13T14:31:09.599Z","orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla"},"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1954033"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-51/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-54/"}],"title":"WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate"}},"cveMetadata":{"assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","assignerShortName":"mozilla","cveId":"CVE-2025-6433","datePublished":"2025-06-24T12:28:04.065Z","dateReserved":"2025-06-20T14:51:39.059Z","dateUpdated":"2026-04-13T14:31:09.599Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-06-24 13:15:24","lastModifiedDate":"2026-04-13 15:17:07","problem_types":["CWE-295","CWE-295 CWE-295 Improper Certificate Validation"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"140.0","matchCriteriaId":"77D2BF2A-26A3-4664-93B5-B41BCF17AC9E"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"6433","Ordinal":"1","Title":"WebAuthn would allow a user to sign a challenge on a webpage wit","CVE":"CVE-2025-6433","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"6433","Ordinal":"1","NoteData":"If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete.  This is in violation of the WebAuthN spec which requires \"a secure transport established without errors\". This vulnerability was fixed in Firefox 140 and Thunderbird 140.","Type":"Description","Title":"WebAuthn would allow a user to sign a challenge on a webpage wit"}]}}}