How severe is CVE-2025-3932?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2025-3932?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2025-3932 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.

Related Vulnerabilities

CVE-2020-13185

MEDIUM

CVSS:6.5(Medium)

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attac...

CWE-2882020

CVE-2020-1637

MEDIUM

CVSS:6.5(Medium)

A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occ...

CWE-2882020

CVE-2020-17409

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmwar...

CWE-2882020

CVE-2020-27863

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit thi...

CWE-2882020

CVE-2022-1067

MEDIUM

CVSS:6.5(Medium)

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.

CWE-2882022

CVE-2022-23722

MEDIUM

CVSS:6.5(Medium)

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another exi...

CWE-2882022