MEDIUM🇬🇧 English

CVE-2025-56139

CVSS 5.3v3.1pub. 2025-09-03upd. 2025-09-08

LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different URL, which can be malicious. This UI misrepresentation enables attackers to deceive users by displaying trusted previews for harmful links, facilitating phishing attacks and user confusion.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Linkedin

    APP
    Linkedin
    4.1.1087.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-28425HIGH7.5ten sam vendor

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /...

CVE-2008-3435HIGH7.5ten sam vendor

LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which al...

CVE-2021-4264MEDIUM6.3ten sam vendor

A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue i...

CVE-2021-26722MEDIUM6.1ten sam vendor

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found ...

CVE-2007-3955MEDIUM6.8ten sam vendor

Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Tool...

CVE-2025-56139 — MEDIUM 5.3 | CVEbaza.pl