UI Spoofing Vulnerability in LINE Client for Android
CVE-2025-14020

5.4MEDIUM

Key Information:

Vendor: Line Corporation
Status: Line Client For Android
Vendor: CVE Published:; 15 December 2025

🔔 Create Line Corporation Vulnerability Alert

What is CVE-2025-14020?

The LINE Client for Android prior to version 14.20 contains a significant UI spoofing vulnerability within its in-app browser. This flaw arises from the failure to properly re-display the full-screen security Toast notification when users transition back from other applications. This oversight can be exploited by attackers to perform phishing attacks, as they could potentially impersonate legitimate interfaces, misleading users into providing sensitive information.

Affected Version(s)

LINE client for Android 10.0 < 14.20

References

https://hackerone.com/reports/2547989

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Dec 4, 2025

JSON