PT-2025-16349 · Mozilla+11 · Thunderbird+11
Dario Weißer · Published 2025-04-15 · Updated 2025-07-22 · CVE-2025-2830
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Thunderbird versions prior to 137.0.2
Thunderbird versions prior to 128.9.2
Description
The issue allows an attacker to disclose sensitive information from the victim's system by crafting a malformed file name for an attachment in a multipart message, tricking Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This behavior is not limited to Linux and has also been observed on Windows.
Recommendations
For versions prior to 137.0.2, update to version 137.0.2 or later.
For versions prior to 128.9.2, update to version 128.9.2 or later.
As a temporary workaround, consider avoiding the use of malformed file names for attachments in multipart messages until a patch is available.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu