Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-14812
PUBLISHED
More InfoOfficial Page
Assigner-BCNY
Assigner Org ID-59469e6c-7ea7-446f-8e43-06aa32c115e8
View Known Exploited Vulnerability (KEV) details
Published At-19 Dec, 2025 | 16:38
Updated At-19 Dec, 2025 | 16:39
Rejected At-
▼CVE Numbering Authority (CNA)
Address bar spoofing risk in Arc Search on iOS

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk.

Affected Products
Vendor
The Browser Company of New York
Product
ArcSearch
Modules
  • Address bar / Omnibox (address bar UI)
Platforms
  • iOS
Default Status
unaffected
Versions
Affected
  • From 0 before 1.45.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1021CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Type: CWE
CWE ID: CWE-1021
Description: CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-154CAPEC-154 Resource Location Spoofing
CAPEC ID: CAPEC-154
Description: CAPEC-154 Resource Location Spoofing
Solutions

Upgrade ArcSearch on iOS to version 1.45.2 or newer.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://arc.net/security/bulletins#cve-2025-14812-address-bar-spoofing-risk-iframe-triggered-uri-navigation-on-arc-search-ios
N/A
Hyperlink: https://arc.net/security/bulletins#cve-2025-14812-address-bar-spoofing-risk-iframe-triggered-uri-navigation-on-arc-search-ios
Resource: N/A
Details not found