How severe is CVE-2025-3522?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-3522?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2025-3522

MEDIUM Year: 2025

CVSS v3 Score

6.3

Medium

Weakness Type

CWE-601

View all →

Vulnerability Description

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.

CVE-2019-4035

MEDIUM

CVSS:6.3(Medium)

IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to t...

CWE-6012019

CVE-2021-21392

MEDIUM

CVSS:6.3(Medium)

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 request...

CWE-6012021

CVE-2021-23888

MEDIUM

CVSS:6.3(Medium)

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which c...

CWE-6012021

CVE-2024-9387

MEDIUM

CVSS:6.4(Medium)

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a giv...

CWE-6012024

CVE-2005-10001

MEDIUM

CVSS:6.1(Medium)

A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The mani...

CWE-6012005

CVE-2005-4206

MEDIUM

CVSS:6.1(Medium)

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks ...

CWE-6012005

CVE-2025-3522

Vulnerability Description

Related Vulnerabilities

CVE-2019-4035

CVE-2021-21392

CVE-2021-23888

CVE-2024-9387

CVE-2005-10001

CVE-2005-4206