CVE-2025-14022

High CVSS: 7.7

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications.

Vendor

Linecorp

Product

Line

CWE

CWE-295

Yayın Tarihi

2025-12-15 07:15:50

Güncelleme

2026-01-07 16:15:49

Source Identifier

dl_cve@linecorp.com

KEV Date Added

Kategoriler

CWE-295 Line HIGH Linecorp 2025

Referanslar

https://hackerone.com/reports/2853445

Benzer Kayıtlar

Low

CVE-2025-14023

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app…

Medium

CVE-2025-14020

LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the ful…

Medium

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could all…

Low

CVE-2025-14019

LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific l…

Medium

CVE-2025-11222

Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to u…