CVE-2025-14809

Summary

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.

Affected Software

VendorProductVersion RangeStatus
The Browser Company of New YorkArcSearch0 < 1.12.6affected

Weaknesses

  • CWE-1021: CWE-1021 Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References