Description

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.

Related CPE's

Could not find any relations

References

https://arc.net/security/bulletins#cve-2025-14809-address-bar-spoofing-risk-navigation-trigger-uri-confusion-on-arcsearch-android

Weaknesses

59469e6c-7ea7-446f-8e43-06aa32c115e8

Secondary
CWE-1021

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

7.4 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

59469e6c-7ea7-446f-8e43-06aa32c115e8

Vulnerability status

Awaiting analysis

Published

2025-12-19T17:15:50.800

3 hours ago

Last modified

2025-12-19T18:00:18.330

3 hours ago