CVE-2025-48980 MEDIUM

CVE-2025-48980

Vendor Brave
Product Desktop Browser
Published October 30, 2025
Last update December 1, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.

Key dates

02Disclosure timeline

October 30, 2025 CVE published
December 1, 2025 Record updated