What is CVE-2025-27425?

CVE-2025-27425 is a vulnerability in Mozilla Firefox For Ios. Published 2025-03-04.

Is CVE-2025-27425 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox For Ios

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.

EPSS: 0.003 (54.3th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox For Ios — versions 136

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds
zhanpengliu-tencent/medium-cve

References

bugzilla.mozilla.org/show_bug.cgi
www.mozilla.org/security/advisories/mfsa2025-13/

Frequently asked questions

What is CVE-2025-27425?: CVE-2025-27425 is a vulnerability in Mozilla Firefox For Ios. Published 2025-03-04.
Is CVE-2025-27425 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.