CVE-2025-14021

MEDIUM

LINE client for iOS <14.14 - XSS

Title source: llm

Description

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

References (1)

[Permissions Required, Third Party Advisory] https://hackerone.com/reports/2548498

Scores

CVSS v3 4.3

EPSS 0.0004

EPSS Percentile 13.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-451

Status published

Products (1)

linecorp/line < 14.14.0

Published Dec 15, 2025

Tracked Since Feb 18, 2026