CVE-2025-14020
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-18
Assigner: LINE Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linecorp | line | up to 14.20.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a UI spoofing issue in the LINE client for Android versions before 14.20. It occurs in the in-app browser where the full-screen security Toast notification does not properly reappear when users switch back from another application. This flaw could allow attackers to trick users by displaying fake interfaces that look legitimate.
How can this vulnerability impact me?
The vulnerability can impact you by enabling attackers to perform phishing attacks through impersonation of legitimate interfaces within the app. This could lead to users being deceived into providing sensitive information or performing unintended actions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the LINE client for Android to version 14.20 or later, where the UI spoofing issue in the in-app browser has been fixed. Avoid using vulnerable versions, and be cautious when interacting with in-app browser content, especially after switching between applications.