CVE-2025-14021

EPSS 0.03%
Veröffentlicht 15.12.2025 06:41:37
Zuletzt bearbeitet 18.12.2025 02:01:42
Quelle dl_cve@linecorp.com
CVE-Watchlists
Login
Unerledigt
Login

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linecorp ≫ Line SwPlatformiphone_os Version < 14.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
dl_cve@linecorp.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-451 User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

https://hackerone.com/reports/2548498

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-14021

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14021

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14021

EUVD