CVE-2025-14812

Summary

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk.

Affected Software

VendorProductVersion RangeStatus
The Browser Company of New YorkArcSearch0 < 1.45.2affected

Weaknesses

  • CWE-1021: CWE-1021 Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References