CVE-2025-14020

5.4 MEDIUM

📋 TL;DR

LINE for Android versions before 14.20 has a UI spoofing vulnerability where the full-screen security notification disappears when switching apps and returning. This allows attackers to create fake interfaces that appear legitimate, potentially tricking users into entering sensitive information. Only Android LINE users with versions below 14.20 are affected.

💻 Affected Systems

Products:
  • LINE for Android
Versions: All versions prior to 14.20
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the in-app browser component when users switch away from LINE and return to it.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be tricked into entering login credentials, financial information, or other sensitive data into a malicious interface that appears to be part of LINE's legitimate in-app browser.

🟠 Likely Case

Phishing attacks where users are directed to malicious websites through LINE links, with attackers creating convincing fake login pages or payment forms that appear legitimate due to the missing security notification.

🟢 If Mitigated

Users remain cautious about unexpected login prompts and verify URLs, limiting successful phishing attempts despite the vulnerability.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking malicious links) but no authentication. Attackers need to craft convincing phishing pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.20 and later

Vendor Advisory: https://hackerone.com/reports/2547989

Restart Required: No

Instructions:

1. Open Google Play Store
2. Search for 'LINE'
3. If update is available, tap 'Update'
4. Ensure version is 14.20 or higher

🔧 Temporary Workarounds

Use External Browser (Platform: Android)

Configure LINE to open links in your device's default browser instead of the in-app browser:

1. Open LINE settings
2. Go to Privacy settings
3. Disable 'Open links in app' or similar option

🧯 If You Can't Patch

  • Avoid clicking links from untrusted sources within LINE
  • Manually verify URLs in the address bar before entering any sensitive information

🔍 How to Verify

Check if Vulnerable:

Check LINE version in app settings: Settings > About LINE > Version. If below 14.20, you are vulnerable.

Check Version:

No command line option. Check within LINE app: Settings > About LINE > Version

Verify Fix Applied:

After updating, verify version is 14.20 or higher in Settings > About LINE > Version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual login attempts from new devices
  • Multiple failed authentication attempts

Network Indicators:

  • Connections to known phishing domains from LINE app

SIEM Query:

Not applicable for client-side mobile app vulnerability
