Home

Description

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

PUBLISHED Reserved 2025-12-04 | Published 2025-12-15 | Updated 2025-12-15 | Assigner LY-Corporation




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

na

Product status

14.13 (custom) before 14.14
affected

References

hackerone.com/reports/2548498

cve.org (CVE-2025-14021)

nvd.nist.gov (CVE-2025-14021)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.