CVE-2025-4090 is a medium-severity vulnerability affecting Mozilla's Thunderbird for Android and Firefox versions prior to 138. The issue involves the inadvertent logging of potentially sensitive library paths via Android's Logcat system. Specifically, Thunderbird for Android logs internal library locations, which could reveal directory structures or file paths that are meant to remain confidential. This vulnerability is categorized under CWE-532, which refers to the exposure of information through log files. The CVSS 3.1 base score is 5.3, indicating a medium impact primarily on confidentiality, with no impact on integrity or availability. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), and the scope remains unchanged (S:U). While no known exploits are currently reported in the wild, the exposure of library paths can aid attackers in crafting targeted attacks, such as identifying vulnerable components or facilitating further exploitation by mapping the internal structure of the application environment. The vulnerability affects Firefox and Thunderbird versions below 138, but the exact affected versions are unspecified. The lack of patch links suggests that fixes may be pending or recently released without public documentation at the time of reporting.

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality. The leakage of library paths can provide attackers with valuable reconnaissance information, potentially enabling more sophisticated attacks against the affected applications. Organizations relying on Thunderbird for Android or Firefox for communication or browsing could see an increased risk of targeted attacks, especially if combined with other vulnerabilities. While the vulnerability does not directly compromise data integrity or availability, the information disclosure could facilitate lateral movement or privilege escalation attempts. Given the widespread use of Mozilla products in Europe, especially in sectors emphasizing open-source software adoption such as government, education, and technology, the impact could be significant if exploited in conjunction with other vulnerabilities. However, since no exploits are known in the wild and the vulnerability does not require user interaction or privileges, the immediate risk is moderate but should not be ignored.

To mitigate this vulnerability, European organizations should ensure that all instances of Thunderbird for Android and Firefox are updated to version 138 or later as soon as patches become available. In the interim, organizations can limit exposure by restricting access to device logs, especially Logcat outputs, through device management policies or by disabling unnecessary logging where feasible. Employing mobile device management (MDM) solutions to control application permissions and log access can reduce the risk of information leakage. Additionally, monitoring for unusual access patterns to logs or suspicious reconnaissance activity can help detect attempts to exploit this vulnerability. Developers and administrators should audit logging configurations to avoid logging sensitive information and apply secure coding practices to prevent similar issues. Finally, educating users about the risks of installing untrusted applications that might access logs can further reduce exploitation chances.