
CVE-2025-3875: Sender Spoofing via Malformed From Header in Mozilla Thunderbird

Severity: High
Type: Vulnerability (CVE-2025-3875)
Published: Wed May 14 2025 (05/14/2025, 16:56:42 UTC)
Source: CVE
Vendor/Project: Mozilla
Product: Thunderbird

Description

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 10:55:48 UTC

Technical Analysis

CVE-2025-3875 is a high-severity vulnerability in Mozilla Thunderbird before 128.10.1 and before 138.0.1. The issue lies in how Thunderbird parses the From header. If the sending or relaying server accepts a From value that is not a valid RFC 5322 mailbox, Thunderbird's lenient parser can still pull an address out of the malformed value (spoofed@example.com in the advisory's example) and present it as the sender, while a strict parser, or the server's own checks, would see a different address or reject the header outright. An attacker who can get such a message delivered therefore controls which address the recipient sees as the sender. Exploitation is remote and needs only that the target receive the crafted message; no authentication to the victim's account is required. The CVSS 3.1 score of 7.5 (High) recorded for this entry reflects a network attack vector, low attack complexity, no privileges and no user interaction, with the impact scored on confidentiality: a convincingly spoofed sender can lead recipients to disclose information or act on instructions they would otherwise distrust. Integrity and availability are not scored as directly affected. The weakness is classified as CWE-290 (Authentication Bypass by Spoofing): the client fails to establish the sender identity correctly, which is the precondition for phishing and social engineering. No exploitation in the wild has been reported. This record links no patch reference, but the affected version ranges identify 128.10.1 and 138.0.1 as the releases that correct the parsing.

Potential Impact

For European organizations this vulnerability is a direct risk to the trustworthiness of email. Thunderbird is widely used in government, finance, education and enterprise environments in Europe, and the ability to control the displayed sender address enables targeted phishing, business email compromise (BEC) and social engineering at scale. Attackers could impersonate trusted contacts or internal personnel to obtain sensitive information, trigger fraudulent payments or deliver malware. The confidentiality of communications is at risk, with the associated GDPR and other data protection obligations. The vulnerability does not by itself compromise system integrity or availability, but the secondary effects of a successful spoof, such as credential theft or malware infection, can lead to broader incidents. Because exploitation requires no interaction beyond the recipient receiving the message, the bar for an attacker is low.

Mitigation Recommendations

Update Thunderbird to 128.10.1 or 138.0.1 (or any later release); those are the versions the advisory names as the fix boundary, so the update is available now and should be the first step. Where the rollout takes time, the following controls reduce exposure:

1) Reject or quarantine, at the mail gateway, inbound messages whose From header is not exactly one well-formed RFC 5322 mailbox. This addresses the root cause, because the flaw only has effect when a server lets an invalid From value through. A practical test is to parse the header both strictly and leniently and refuse any message on which the two disagree about the address, including display names that contain '@' or angle brackets and From values with more than one mailbox.
2) Enforce SPF, DKIM and DMARC on inbound mail, with one caveat: DMARC alignment is evaluated against the From domain as the receiving server parses it. If the server and Thunderbird extract different addresses from the same malformed header, DMARC can pass for the domain the server saw while the client shows another, which is why control 1 must come first.
3) Train users to treat unexpected or unusual requests with suspicion regardless of the displayed sender, and to verify them over a separate channel.
4) Monitor mail logs for From headers that fail strict parsing, carry more than one mailbox, or contain address-like text in the display name; these are the patterns an exploitation attempt would show.
5) For sensitive communications, consider temporarily using an unaffected client or a webmail interface until the update is deployed.
6) Make sure incident response plans cover sender spoofing, including how to trace a suspect message back to its envelope sender and originating server.
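The parsing ambiguity described in the technical analysis and the gateway-side check in mitigation item 1, as one added example that is not Thunderbird's or Mozilla's code: a strict single-mailbox grammar beside a lenient "first address-shaped substring" scan, with a verdict function that rejects any From value on which the two disagree. The header values, the alice/mallory names and example domains, and the function names are constructed for illustration; the grammar is a simplification of RFC 5322 (no mixed quoted/unquoted display names, no group syntax, ASCII only).

```python
"""Strict From-header check for a mail gateway or filtering hook.

Added example, not Thunderbird or Mozilla code. It contrasts a strict
RFC 5322 mailbox grammar (simplified: one addr-spec, or one display-name
followed by <addr-spec>) with a lenient "first thing that looks like an
address" scan, the kind of disagreement behind CVE-2025-3875. The sample
header values below are constructed for the example and are not the
values from the advisory.
"""
import re

# RFC 5322 atext (ASCII only); dot-atom = atext runs joined by '.'
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
ADDR_SPEC = rf"{DOT_ATOM}@{DOT_ATOM}"
# quoted-string: anything but an unescaped '"' or a line break
QUOTED_STRING = r'"(?:[^"\\\r\n]|\\.)*"'
# display-name, simplified to either one quoted-string or unquoted words
# (a real phrase may mix both; that case is rejected here, not misparsed)
DISPLAY_NAME = rf"(?:{QUOTED_STRING}|{ATEXT}+(?:[ \t]+{ATEXT}+)*)"

# Exactly one mailbox in the whole header value, nothing else.
STRICT_MAILBOX = re.compile(
    rf"^\s*(?:({ADDR_SPEC})|({DISPLAY_NAME})\s*<({ADDR_SPEC})>)\s*$"
)
# What a lenient scanner does: take the first addr-spec-shaped substring,
# wherever it sits, even inside a quoted display name.
LOOSE_ADDR = re.compile(ADDR_SPEC)


def parse_from_strict(value):
    """Return (display_name, addr_spec) for a single well-formed mailbox,
    or None if the header value does not match the strict grammar."""
    m = STRICT_MAILBOX.match(value)
    if not m:
        return None
    if m.group(1):
        return ("", m.group(1))
    name = m.group(2)
    if name.startswith('"'):
        name = re.sub(r"\\(.)", r"\1", name[1:-1])  # drop quotes, unescape
    return (name, m.group(3))


def extract_addr_loose(value):
    """The forgiving behaviour: first address-like substring, else None."""
    m = LOOSE_ADDR.search(value)
    return m.group(0) if m else None


def check_from_header(value):
    """Gateway verdict for one From header value.

    Accept only when the strict grammar matches AND the lenient scan lands
    on the same addr-spec; any disagreement means two parsers could show
    two different senders, so the message is rejected.
    Returns (verdict, detail).
    """
    strict = parse_from_strict(value)
    loose = extract_addr_loose(value)
    if strict is None:
        return ("reject", f"malformed From; lenient scan would pick {loose!r}")
    if loose != strict[1]:
        return ("reject", f"ambiguous From; strict={strict[1]!r} loose={loose!r}")
    return ("accept", strict[1])


# Constructed sample header values (not from the advisory).
SAMPLE_FROM_VALUES = [
    '"Alice Example" <alice@example.com>',                       # well-formed
    "alice@example.com",                                        # bare addr-spec
    "alice@example.com <mallory@attacker.example>",             # '@' in unquoted name
    '"Alice <alice@example.com>" <mallory@attacker.example>',   # address inside name
    '"Sales Team <sales@example.com>"',                         # quoted-string only
    "alice@example.com, mallory@attacker.example",              # two mailboxes
]

if __name__ == "__main__":
    for value in SAMPLE_FROM_VALUES:
        verdict, detail = check_from_header(value)
        print(f"{verdict:6} {value!r}: {detail}")
```

Run as a script it prints one verdict per sample. In a deployment, check_from_header would sit in a milter or post-queue filter on the raw header value; the same filter should also reject messages carrying more than one From header field, which a value-level check cannot see.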


Technical Details

Data version: 5.1
Assigner short name: mozilla
Date reserved: 2025-04-22T16:38:29.461Z
CISA enriched: true
CVSS version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec63b

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 10:55:48 AM

Last updated: 8/15/2025, 7:21:23 AM


