{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2025/cve-2025-5269-els_os-almalinux9_2esu.json" } ], "tracking": { "current_release_date": "2026-06-13T02:42:17Z", "generator": { "date": "2026-06-16T16:37:08Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-5269-ELS_OS-ALMALINUX9.2ESU", "initial_release_date": "2025-05-27T12:29:00Z", "revision_history": [ { "date": "2025-05-27T12:29:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-27T14:40:48Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-06-13T02:42:17Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "3" }, "title": "Security update on CVE-2025-5269" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/thunderbird@115.4.1-1.el9_2.alma?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els7?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els11?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-5269", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 128.11.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5269" } ], "release_date": "2025-05-27T12:29:00Z", "remediations": [ { "category": "no_fix_planned", "date": "2026-05-19T12:43:59.751710Z", "details": "Ignored due to low severity score", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" ] }, { "category": "no_fix_planned", "date": "2026-06-16T06:29:06.807719Z", "details": "This issue is confined to the Firefox ESR and Thunderbird client applications and requires end‑user interaction (opening crafted web or email content), so servers or VMs without these desktop applications are not exposed. Its CVSS profile reflects only low confidentiality and integrity impact with no availability impact, and there is no indication of active exploitation. Given typical enterprise VM/server deployments run headless workloads, this can be safely deprioritized relative to remotely exploitable server‑side issues.", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els10.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els11.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els7.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els9.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }