Incorrect Default Permissions

CVE-2025-8031

High

9.8/10

Summary

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

Published Jul 22, 2025

Incorrect Default Permissions

CVE-2025-8031

Summary

CWE-276 - Incorrect Default Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS