CVE-2025-23086

Feb. 18, 2025, 9:15 p.m.

None
No Score

Description

On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.

Product(s) Impacted

Product Versions
Brave Browser
  • 1.70.x-1.73.x

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://hackerone.com/reports/2888770

Tags

CWE-601
support@hackerone.com
2025-01-21
CVE-2025-23086

Timeline

Published: Jan. 21, 2025, 5:15 a.m.
Last Modified: Feb. 18, 2025, 9:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

support@hackerone.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.