CVE-2025-55031

CWE-601 — Open Redirect5 documents4 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 74.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox FOR IOS Mozilla Focus FOR IOS Mozilla Firefox +1 more

Timeline

PublishedAug 19

Description

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDmozilla/firefox_focus< 142.0

▶NVDmozilla/firefox< 142.0

▶CVEListV5mozilla/firefox_for_iosunspecified — 142

▶CVEListV5mozilla/focus_for_iosunspecified — 142

🔴Vulnerability Details

CVEList

Passkey phishing within Bluetooth range↗2025-08-19

▶

GHSA

GHSA-6rx2-wjr5-47v3: Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport↗2025-08-19

▶

📋Vendor Advisories

Mozilla

Mozilla Foundation Security Advisory 2025-68: CVE-2025-55031↗

▶

Mozilla

Mozilla Foundation Security Advisory 2025-69: CVE-2025-55031↗

▶