CVE-2025-14021 MEDIUM

CVE-2025-14021

Vendor Line Corporation
Product LINE client for iOS
Published December 15, 2025
Last update December 15, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

Key dates

02Disclosure timeline

December 15, 2025 CVE published
December 15, 2025 Record updated