CVE-2025-55031

CVE Database · CVE-2025-55031

CVE-2025-55031

· CRITICALModified

CVSS v3.1

9.8

EPSS

0.39%

Published

Aug 19, 2025

Modified

Apr 13, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed in Firefox for iOS 142 and Focus for iOS 142.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-601

Affected Products (2)

mozilla · firefox (up to 142.0)vulnerable

mozilla · firefox_focus (up to 142.0)vulnerable

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1979499

Issue TrackingPermissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=1979804

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2025-68/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2025-69/

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs