CVE-2025-15032

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-01-16

Assigner: BCNY

Description

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-16

Last Modified

2026-01-16

Generated

2026-05-07

EPSS Evaluated

2026-05-05

NVD

CVE-2025-15032

EUVD

EUVD-2026-2869

Affected Vendors & Products

Vendor	Product	Version / Range
dia_browser	dia	to 1.9.0 (exc)
dia_browser	dia	From 1.9.1 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-1021	The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-15032

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart