CVE-2025-14021

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-14021

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14021.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-14021

Published

2025-12-15T07:15:50.850Z

Modified

2026-03-12T17:37:46.221187Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

References

https://hackerone.com/reports/2548498

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "14.14.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14021.json"