Man-in-the-Middle Vulnerability in LINE Client for iOS
CVE-2025-14022

7.7HIGH

Key Information:

Vendor: Line Corporation
Status: Line Client For iOS
Vendor: CVE Published:; 15 December 2025

🔔 Create Line Corporation Vulnerability Alert

What is CVE-2025-14022?

The LINE client for iOS prior to version 15.4 has a vulnerability that allows man-in-the-middle attacks due to inadequate SSL/TLS certificate validation in an integrated financial SDK. This security flaw disrupts the application's network processing, effectively disabling server certificate verification for a significant portion of its network traffic. As a consequence, an attacker situated on the same network could intercept or modify encrypted communications, posing serious security risks for users relying on this application for financial transactions.

Affected Version(s)

LINE client for iOS 15.3 < 15.4

References

https://hackerone.com/reports/2853445

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Dec 4, 2025

JSON