CVE-2025-6425 is a vulnerability discovered in Mozilla Firefox and Thunderbird related to the WebCompat extension. The WebCompat extension is designed to improve compatibility with websites by applying fixes or workarounds. However, this extension exposes a persistent UUID that can be enumerated by an attacker. This UUID uniquely identifies the browser instance and persists across normal and private browsing modes, although it does not persist across different user profiles. The vulnerability affects Firefox versions prior to 140, Firefox ESR versions prior to 115.25 and 128.12, and Thunderbird versions prior to 140 and 128.12. An attacker can exploit this vulnerability remotely by enticing a user to visit a malicious webpage that enumerates the WebCompat extension's resources to extract the UUID. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The CVSS v3.1 base score is 4.3 (medium severity), reflecting that the attack vector is network-based, requires no privileges, but does require user interaction, and results in limited confidentiality impact without affecting integrity or availability. No patches or exploits are currently publicly available, but the vulnerability has been officially published and reserved by Mozilla. This vulnerability primarily enables tracking or fingerprinting of users by providing a persistent identifier that is difficult to clear by switching browsing modes, thus undermining user privacy.

For European organizations, the primary impact of CVE-2025-6425 is a privacy and confidentiality risk. The persistent UUID can be used by attackers or trackers to uniquely identify and track users across normal and private browsing sessions, circumventing some privacy protections. This can lead to profiling, targeted phishing, or surveillance activities. Organizations handling sensitive or regulated data, such as those in finance, healthcare, or government sectors, may face compliance risks under GDPR and other privacy regulations if user privacy is compromised. While the vulnerability does not allow code execution or system compromise, the leakage of persistent identifiers can facilitate more sophisticated attacks or data correlation. The risk is heightened in environments where Firefox or Thunderbird are widely used and where users rely on private browsing modes to protect their privacy. Additionally, the lack of impact on integrity or availability means operational disruption is unlikely, but reputational damage and regulatory penalties could result from privacy breaches.

1. Update affected Mozilla Firefox and Thunderbird installations to versions 140 or later, or ESR versions 115.25/128.12 or later once patches are released. 2. Until patches are available, restrict or disable the WebCompat extension if possible, or configure browser policies to limit extension resource enumeration. 3. Educate users about the risks of visiting untrusted websites and encourage cautious browsing behavior to reduce exposure to malicious sites attempting to exploit this vulnerability. 4. Employ network-level protections such as web filtering and DNS filtering to block access to known malicious domains. 5. Monitor browser telemetry and logs for unusual extension activity or unexpected UUID enumeration attempts. 6. For organizations with strict privacy requirements, consider deploying browser configurations or extensions that enhance anti-fingerprinting protections. 7. Coordinate with Mozilla security advisories for timely patch deployment and further guidance.