Address Bar Spoofing Vulnerability in LINE for iOS
CVE-2025-14021

4.3MEDIUM

Key Information:

Vendor: Line Corporation
Status: Line Client For iOS
Vendor: CVE Published:; 15 December 2025

🔔 Create Line Corporation Vulnerability Alert

What is CVE-2025-14021?

The in-app browser in LINE for iOS versions prior to 14.14 contains a vulnerability that allows for address bar spoofing. This issue can be exploited by attackers to inject malicious JavaScript into iframes, all while displaying what appears to be a trusted URL. This manipulation can lead to phishing attacks, where users may be misled into providing sensitive information via overlaid malicious content. Users of affected versions should consider updating to secure their applications.

Affected Version(s)

LINE client for iOS 14.13 < 14.14

References

https://hackerone.com/reports/2548498

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Dec 4, 2025

JSON