CVE-2025-8028 is a critical security vulnerability identified in Mozilla Firefox and Thunderbird browsers running on arm64 architectures. The issue stems from the WebAssembly (WASM) br_table instruction, which is used for indirect branching based on an index. When the br_table instruction contains a large number of entries, the label that the instruction branches to can be located too far from the instruction itself. This distance causes truncation in the branch address calculation, leading to incorrect computation of the target address. Such miscalculation can result in the execution of unintended code paths, potentially allowing an attacker to execute arbitrary code. The vulnerability affects Firefox versions prior to 141, Firefox ESR versions prior to 115.26, 128.13, and 140.1, as well as Thunderbird versions prior to 141 and corresponding ESR versions. The flaw is categorized under CWE-1332, which relates to improper handling of branch instructions. The CVSS v3.1 base score is 9.8, indicating a critical severity level with network attack vector, low attack complexity, no privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. Although no exploits are currently known in the wild, the vulnerability's nature and severity make it a high-risk issue. The root cause lies in the WASM engine's handling of branch tables on arm64, which is a widely used architecture in modern devices, including servers and desktops. This vulnerability could be exploited remotely by an attacker crafting malicious web content or documents that trigger the faulty br_table instruction, leading to arbitrary code execution within the context of the browser or email client process.

For European organizations, the impact of CVE-2025-8028 is significant due to the widespread use of Firefox and Thunderbird in both enterprise and public sectors. Exploitation could lead to full compromise of affected systems, allowing attackers to execute arbitrary code, steal sensitive data, or disrupt operations. This is particularly critical for sectors such as finance, government, healthcare, and critical infrastructure, where confidentiality and integrity of information are paramount. The vulnerability's ability to be exploited remotely without user interaction increases the risk of widespread attacks, including targeted espionage or ransomware deployment. Organizations using arm64-based devices, including newer laptops, servers, and cloud instances, are especially vulnerable. The lack of known exploits currently provides a window for proactive mitigation, but the critical severity demands urgent attention. Failure to address this vulnerability could result in data breaches, operational downtime, and reputational damage across European entities.

To mitigate CVE-2025-8028, European organizations should: 1) Immediately monitor Mozilla security advisories and apply official patches or updates as soon as they become available for Firefox and Thunderbird on arm64 platforms. 2) Temporarily restrict or disable the use of affected Firefox and Thunderbird versions on arm64 devices until patches are deployed. 3) Employ network-level protections such as web filtering and intrusion detection systems to block or alert on suspicious WebAssembly content or exploitation attempts. 4) Conduct internal audits to identify all arm64 devices running affected versions and prioritize patching accordingly. 5) Educate users about the risk and encourage cautious browsing behavior, especially avoiding untrusted websites or email attachments. 6) Consider deploying application sandboxing or endpoint detection and response (EDR) solutions that can detect anomalous behavior indicative of exploitation. 7) Collaborate with IT and security teams to integrate vulnerability management processes that ensure timely updates for browsers and email clients. These steps go beyond generic advice by focusing on architecture-specific risk, proactive device inventory, and layered defenses tailored to the nature of the vulnerability.