Deceptive Fullscreen Vulnerability in Diabrowser
CVE-2025-13132

7.4 HIGH

Key Information:

CVE Published: 21 November 2025

What is CVE-2025-13132?

This vulnerability in Diabrowser lets a site enter fullscreen mode after a user click without the browser displaying a notification. Because the user is never told that the page has gone fullscreen, a malicious site can mislead them about where they actually are by rendering deceptive user interface, such as an imitation of a valid address bar. Awareness of this vulnerability is crucial for ensuring user safety online.

Affected Version(s)

Dia 0 < 1.6.0

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
