Home > Vulnerability Database > CVE-2025-3875

Mend.io Vulnerability Database

CVE-2025-3875

Date: May 14, 2025

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.

Severity Score

7.5

Related Resources (5)

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1950629

Url: https://www.mozilla.org/security/advisories/mfsa2025-35/

Url: https://www.mozilla.org/security/advisories/mfsa2025-34/

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-3875

Url: https://www.mend.io/vulnerability-database/CVE-2025-3875

Severity Score

7.5

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-3875

Date: May 14, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?