CVE-2025-27425
published 2025-03-04CVE-2025-27425: Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 136.0 | 136.0 |
| mozilla | firefox | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv4.3MEDIUM
Debian
CVE-2025-27425: firefox - Scanning certain QR codes that included text with a website URL could allow the ...
vendor_debian·2025·CVSS 4.3
CVE-2025-27425 [MEDIUM] CVE-2025-27425: firefox - Scanning certain QR codes that included text with a website URL could allow the ...
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2025-13: CVE-2025-27425
vendor_mozilla·CVSS 4.3
CVE-2025-27425 [MEDIUM] Mozilla Foundation Security Advisory 2025-13: CVE-2025-27425
Mozilla Foundation Security Advisory 2025-13
CVE: CVE-2025-27425
Product: Firefox for iOS
Impact: low
Fixed in: Firefox for iOS 136
GHSA
GHSA-249w-xh84-97wj: Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert
ghsa_unreviewed·2025-03-04
CVE-2025-27425 [MEDIUM] CWE-287 GHSA-249w-xh84-97wj: Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.
OSV
CVE-2025-27425: Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert
osv·2025-03-04·CVSS 4.3
CVE-2025-27425 [MEDIUM] CVE-2025-27425: Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-04
Published