{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5270", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-05-27T12:29:28.241Z", "datePublished": "2025-05-27T12:29:28.612Z", "dateUpdated": "2026-04-13T14:30:47.210Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "139", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "139", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139."}]}], "title": "SNI was sometimes unencrypted", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1910298"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"}], "credits": [{"lang": "en", "value": "xiulou"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:47.210Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-319", "lang": "en", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-23T14:33:45.887775Z", "id": "CVE-2025-5270", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-23T14:33:49.069Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-5270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-23T14:33:45.887775Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T17:40:36.778Z"}}], "cna": {"title": "SNI was sometimes unencrypted", "credits": [{"lang": "en", "value": "xiulou"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "139", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "139", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1910298"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"}], "descriptions": [{"lang": "en", "value": "In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.", "supportingMedia": [{"type": "text/html", "value": "In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:47.210Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5270", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:47.210Z", "dateReserved": "2025-05-27T12:29:28.241Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-05-27T12:29:28.612Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "82C74587-41B7-49DB-8B9D-99DE41506023", "versionEndExcluding": "139.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139."}, {"lang": "es", "value": "En algunos casos, el SNI podr\u00eda haberse enviado sin cifrar, incluso con el DNS cifrado habilitado. Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a la 139)."}], "id": "CVE-2025-5270", "lastModified": "2026-04-13T15:17:05.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-27T13:15:22.823", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1910298"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: SNI was sometimes unencrypted", "id": "2368758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368758"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-319", "details": ["In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: In certain cases, SNI could be sent unencrypted, even when encrypted DNS is enabled."], "name": "CVE-2025-5270", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-27T12:29:28Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-5270\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-5270\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1910298\nhttps://www.mozilla.org/security/advisories/mfsa2025-42/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-20T20:30:18.512490+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version\u00a0139 or later", "Upgrade Thunderbird to version\u00a0139 or later", "If upgrading is not possible, monitor TLS traffic for unencrypted SNI entries or apply network controls that detect and flag such traffic"], "summary": {"action": "Patch", "impact": "Sensitive data exposure through unencrypted TLS Server Name Indication"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Mozilla Thunderbird versions older than 139 are affected. The issue was resolved in Firefox 139 and Thunderbird 139. Users running earlier versions in environments that enable encrypted DNS should be aware that unencrypted SNI may still be sent.", "description_and_impact": "The vulnerability allows the TLS Server Name Indication (SNI) extension to be transmitted without encryption in certain circumstances where DNS traffic is otherwise encrypted. This flaw results in loss of confidentiality, as the domain names requested over TLS can be exposed to anyone who can observe network traffic. The weakness is identified as CWE\u2011319, Loss of Confidentiality via Unencrypted Communication.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high impact on confidentiality. The EPSS score of less than 1% suggests a low probability of exploitation at this time, and the vulnerability is not listed in CISA KEV. The likely attack vector is passive network monitoring of the TLS handshake (inferred from the description) in scenarios where encrypted DNS is expected to protect all TLS metadata. Although this can be observed by adversaries with access to the network path, the overall threat remains limited because the primary effect is informational leakage rather than direct system compromise."}}}}, "created": "2026-04-20T20:45:16.928264+00:00", "updated": "2026-04-20T20:45:16.928277+00:00", "vendors": []}