CVE-2025-6428: Vulnerability in Mozilla Firefox
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.
AI Analysis
Technical Summary
CVE-2025-6428 is a link-handling flaw in Mozilla Firefox for Android versions prior to 140. When a link carried a full URL inside one of its query-string parameters, Firefox for Android navigated to that embedded URL instead of the link's actual target. An attacker can therefore craft a link whose visible destination is a legitimate site but whose query string names a site under the attacker's control, so a victim who taps the link lands on the attacker's page. The analysis classifies the flaw under CWE-601 (URL redirection to an untrusted site, "open redirect"); note that, per the description, the redirection here is performed by the browser's own link handling rather than by a server-side redirect endpoint, so the legitimate site does not need to expose a redirect parameter of its own. Desktop Firefox and other platforms are unaffected. The CVE record itself carries no CVSS vector (the record's CVSS version field is null); the medium severity of 4.3 cited for it is an analyst estimate, consistent with a flaw that is reachable over the network, needs no privileges, requires user interaction (tapping the link), and harms confidentiality and integrity only through whatever the phishing page then does. No public exploit or active exploitation campaign has been reported. The CVE was reserved on June 20, 2025, and published on June 24, 2025. The fix ships in Firefox for Android 140; users should upgrade to version 140 or later. Threat actors could use the flaw in phishing campaigns against Android users, leading to credential theft or malware delivery.
Potential Impact
For European organizations, this vulnerability poses a moderate phishing risk to employees and customers who browse on Firefox for Android. A successful lure can lead to credential compromise, unauthorized access, or malware infection, depending on what the attacker's destination page does. Sectors that depend heavily on mobile communications, such as finance, healthcare, and government, are the most exposed to social engineering built on this flaw. The impact on confidentiality and integrity is moderate, arising from credential theft and the unauthorized actions it enables; availability is not directly affected. Because exploitation requires the user to tap a link and affects only Firefox for Android builds older than 140, the overall risk is contained, but it remains significant given the browser's installed base in Europe. Attackers could use the flaw in targeted campaigns, especially in countries with a high Firefox for Android share or strategic importance. The absence of known in-the-wild exploitation lowers the immediate risk but does not eliminate it.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Enforce timely updates to Firefox for Android so that every managed device runs version 140 or later; where an MDM is in use, report on installed browser versions rather than relying on users to update on their own.
2) Educate users about the risks of tapping unexpected links, with emphasis on links received via email, SMS, or messaging apps, and point out that on affected builds the link's visible destination is not a reliable indicator of where it leads.
3) Deploy email and web filtering that detects and blocks phishing URLs, including links that carry a second absolute URL inside their query string.
4) Implement multi-factor authentication (MFA) on critical systems to limit the damage from stolen credentials.
5) Run phishing simulation exercises aimed at mobile users to improve recognition of malicious links.
6) Use network-level protections such as DNS filtering and URL reputation services to block access to known malicious domains.
7) Have security teams monitor threat intelligence feeds for emerging exploitation of this vulnerability and respond promptly.
8) Where immediate patching is not feasible, especially in high-risk environments, direct users to an alternative browser until the update can be applied.
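The filtering check in mitigation 3 can be expressed concretely. The script below is an added example, not code from the advisory or from Mozilla: it takes links as they might be extracted from an inbound mail or SMS and flags any whose query string contains a second absolute URL for a different host, which is the link shape this CVE concerns. The trusted-host list, the parameter names and the sample links are constructed for illustration; the decoding loop handles double percent-encoding and scheme-relative (`//host/...`) values, two common ways such payloads are obscured.

```python
# Added example (not from the advisory or from Mozilla): a filter-side check
# that flags links whose query string carries a second absolute URL, the
# link shape CVE-2025-6428 concerns. Hosts, parameter names and sample links
# below are constructed for illustration.
from urllib.parse import parse_qsl, unquote, urlsplit

# Hosts the organisation controls (constructed sample). A nested URL that
# points at one of these is recorded but not treated as cross-host.
TRUSTED_HOSTS = {"www.example.com", "login.example.com"}

# Decode at most this many times: attackers double-encode values to slip
# past filters that percent-decode only once.
MAX_DECODE_ROUNDS = 3


def _fully_decoded(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()


def _as_absolute_url(value: str):
    """Return urlsplit(value) if value is an absolute http(s) URL or a
    scheme-relative URL (//host/...), otherwise None."""
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return None
    if not parts.hostname:
        return None
    if parts.scheme in ("http", "https") or value.startswith("//"):
        return parts
    return None


def nested_urls(link: str):
    """List (param_name, embedded_host, embedded_url) for every query
    parameter of `link` whose value is itself an absolute URL."""
    try:
        outer = urlsplit(link)
    except ValueError:
        return []
    found = []
    # parse_qsl percent-decodes once; _fully_decoded handles further layers.
    for name, raw in parse_qsl(outer.query, keep_blank_values=True):
        value = _fully_decoded(raw)
        inner = _as_absolute_url(value)
        if inner is not None:
            found.append((name, inner.hostname.lower(), value))
    return found


def classify(link: str):
    """Classify a link as one of:
      "clean"         - no URL-valued query parameter
      "self-redirect" - embedded URL(s) stay on the link's own or a trusted host
      "cross-host"    - at least one embedded URL names another host (flag this)
    Returns (verdict, list of (param, host, url) tuples behind the verdict)."""
    try:
        outer_host = (urlsplit(link).hostname or "").lower()
    except ValueError:
        outer_host = ""
    hits = nested_urls(link)
    if not hits:
        return "clean", []
    cross = [h for h in hits if h[1] != outer_host and h[1] not in TRUSTED_HOSTS]
    if cross:
        return "cross-host", cross
    return "self-redirect", hits


# Constructed sample links, as a mail or SMS filter might extract them.
SAMPLE_LINKS = [
    "https://www.example.com/docs/page?id=42",
    "https://www.example.com/go?next=https://evil.example/login",
    "https://www.example.com/go?next=https%253A%252F%252Fevil.example%252F",
    "https://www.example.com/go?u=//evil.example/reset",
    "https://www.example.com/go?next=https://login.example.com/account",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, detail = classify(link)
        print(f"{verdict:14} {link}")
        for name, host, url in detail:
            print(f"{'':14}   {name} -> {host}  ({url})")
```

Only the "cross-host" verdict is worth blocking or quarantining outright; "self-redirect" links are common in legitimate single-sign-on flows and should be logged rather than dropped. A link whose embedded URL contains its own `&` will be truncated at that character by `parse_qsl`, but the host, which is what the verdict depends on, is still recovered.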
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mozilla
- Date Reserved: 2025-06-20T14:51:33.064Z
- CVSS Version: null (no CVSS vector is recorded for this CVE)
- State: PUBLISHED
Threat ID: 685aa0274dc24046c1dc5aa0
Added to database: 6/24/2025, 12:55:03 PM
Last enriched: 10/31/2025, 5:05:11 AM
Last updated: 11/20/2025, 9:25:17 PM