CVE-2025-14021 — ThreaTel

THREATEL Threat Intel

v0.1

CVE-2025-14021

MED 4.3

Published

2025-12-15

Last Modified

2025-12-18

Affected Apps

1

Affected Devices

37

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

Affected Applications in Environment 1

Affected Devices 37

APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows APEC-LAB17 Windows

References 1

https://hackerone.com/reports/2548498