← back
CVE-2025-14021

CVE-2025-14021

CVSS 4.3 MEDIUMEPSS 0.2%CWE-451
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected products
LINE Corporation · LINE client for iOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://hackerone.com/reports/2548498