CVE-2025-10530 is a vulnerability identified in the WebAuthn component of Mozilla Firefox for Android and Thunderbird prior to version 143. The flaw is categorized as a spoofing issue (CWE-290), where an attacker can deceive the authentication mechanism by forging or manipulating WebAuthn prompts or responses. WebAuthn is a web standard for secure authentication using public key cryptography, often employed to replace passwords with hardware tokens or biometric verification. This vulnerability allows an unauthenticated remote attacker to exploit the flaw without requiring user interaction, potentially causing the browser or email client to accept fraudulent authentication assertions. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact primarily affects confidentiality and integrity, as attackers could bypass or spoof authentication, possibly gaining unauthorized access or impersonating legitimate users. Availability is not impacted. No known exploits have been reported in the wild, and no official patches have been linked yet, though the vulnerability is publicly disclosed as of September 16, 2025. The affected versions are all Firefox and Thunderbird versions below 143 on Android platforms. This vulnerability highlights risks in the WebAuthn implementation, which is critical for secure authentication workflows.

For European organizations, this vulnerability poses a significant risk to secure authentication processes, particularly those leveraging WebAuthn for passwordless or multi-factor authentication. Successful exploitation could lead to unauthorized access to sensitive systems, data breaches, and impersonation of users, undermining confidentiality and integrity of communications and transactions. Sectors such as finance, government, healthcare, and critical infrastructure that rely on Firefox or Thunderbird on Android devices for secure communications are especially vulnerable. The lack of required privileges and user interaction lowers the barrier for attackers, increasing the threat surface. Although availability is unaffected, the compromise of authentication mechanisms can have cascading effects on trust and security posture. The absence of known exploits provides a window for proactive mitigation, but organizations must act swiftly to prevent potential exploitation. Additionally, the vulnerability could be leveraged in targeted phishing or social engineering campaigns to amplify impact.

1. Monitor Mozilla advisories closely and apply updates to Firefox and Thunderbird to version 143 or later as soon as patches are released. 2. Until patches are available, restrict or disable the use of Firefox and Thunderbird on Android devices within the organization, especially for high-risk users or roles. 3. Implement additional authentication monitoring to detect anomalies in WebAuthn authentication attempts, such as unexpected credential assertions or unusual device usage. 4. Educate users about the risks of spoofed authentication prompts and encourage vigilance when authenticating. 5. Consider deploying endpoint protection solutions that can detect suspicious browser or application behavior related to authentication flows. 6. Review and tighten access controls and session management to limit the impact of potential unauthorized access. 7. Where possible, use alternative secure browsers or email clients not affected by this vulnerability until patches are confirmed applied. 8. Conduct internal audits of authentication logs to identify any suspicious activity that could indicate exploitation attempts.