CVE-2025-14022
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-18

Assigner: LINE Corporation

Description
LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-15
EPSS Evaluated
2026-05-05
NVD
CVE-2025-14022
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linecorp line to 15.4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the LINE client for iOS versions prior to 15.4. It is caused by improper SSL/TLS certificate validation within an integrated financial SDK. The SDK disrupts the application's network processing, disabling server certificate verification for a significant portion of network traffic. This flaw allows a network-adjacent attacker to perform man-in-the-middle attacks by intercepting or modifying encrypted communications.


How can this vulnerability impact me? :

The vulnerability can allow an attacker who is near the network to intercept or alter encrypted communications between the LINE client and its servers. This could lead to exposure of sensitive information, unauthorized data modification, and potential compromise of user privacy and security.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart