CVE-2025-14023

3.1 LOW

📋 TL;DR

This vulnerability in LINE for iOS allows attackers to spoof the user interface, creating confusion about whether displayed pages or interactive elements are trustworthy. It affects iOS users running LINE versions prior to 15.19, potentially leading users to interact with malicious content thinking it's legitimate.

💻 Affected Systems

Products:
  • LINE for iOS
Versions: All versions prior to 15.19
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the iOS LINE client; Android and desktop versions are not impacted.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be tricked into entering sensitive credentials or financial information into spoofed interfaces that appear to be legitimate LINE or trusted websites.

🟠 Likely Case

Users might click on malicious links or interact with deceptive content due to UI confusion, potentially leading to phishing or social engineering attacks.

🟢 If Mitigated

With user awareness and cautious behavior, the impact is limited to minor confusion without significant data compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires specific conditions to trigger the UI inconsistency and user interaction with the spoofed interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 15.19 and later

Vendor Advisory: https://hackerone.com/reports/3260386

Restart Required: No

Instructions:

1. Open the App Store on your iOS device.
2. Search for 'LINE'.
3. Tap 'Update' to install version 15.19 or later.
4. Launch LINE to verify the update.

🔧 Temporary Workarounds

Avoid In-App Browser Usage

Use Safari or other external browsers instead of LINE's in-app browser for sensitive activities.

Enable App Updates

Ensure automatic app updates are enabled in iOS settings to receive security patches promptly.

🧯 If You Can't Patch

  • Educate users to verify URLs and be cautious of unexpected UI elements in LINE
  • Implement network filtering to block known malicious domains that might exploit this vulnerability

🔍 How to Verify

Check if Vulnerable:

Check LINE app version in iOS Settings > General > iPhone Storage > LINE, or within LINE app settings.

Check Version:

Not applicable for iOS apps; check via device settings or app interface.

Verify Fix Applied:

Confirm LINE version is 15.19 or higher after updating via App Store.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user reports of unexpected UI behavior in LINE

Network Indicators:

  • Suspicious domains being accessed through LINE's in-app browser

SIEM Query:

Not typically applicable for client-side mobile app vulnerabilities.
