CVE-2025-8032

XSLT documents could bypass CSP

CVSS 8.1 HIGHEPSS 0.3%CWE-693

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

22 jul 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Productos afectados

Mozilla · Firefox Mozilla · Thunderbird

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugzilla.mozilla.org/show_bug.cgi?id=1974407 https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html https://www.mozilla.org/security/advisories/mfsa2025-56/https://www.mozilla.org/security/advisories/mfsa2025-58/https://www.mozilla.org/security/advisories/mfsa2025-59/https://www.mozilla.org/security/advisories/mfsa2025-61/https://www.mozilla.org/security/advisories/mfsa2025-62/https://www.mozilla.org/security/advisories/mfsa2025-63/