CVE-2025-13022 involves incorrect boundary conditions in the Graphics: WebGPU component of Mozilla Firefox, leading to memory safety issues that could allow remote attackers to achieve high-impact outcomes including confidentiality, integrity, and availability compromises. The vulnerability was reported by Atte Kettunen and fixed in Firefox 145 and Thunderbird 145. The CVSS v3.1 base score is 9.8, reflecting network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Mozilla's official advisories MFSA2025-87 and MFSA2025-90 provide detailed references and confirm the remediation.

Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code, cause memory corruption, or escape sandbox restrictions, severely impacting the confidentiality, integrity, and availability of affected systems running vulnerable versions of Firefox or Thunderbird prior to version 145. However, no active exploits have been observed in the wild according to current data.

Mozilla has released official fixes for this vulnerability in Firefox 145 and Thunderbird 145. Users and administrators should update to these versions or later to remediate the issue. Since this is not a cloud service, manual patching is required. There are no indications that additional mitigations beyond applying the official update are necessary.