CVE-2025-23086

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 21, 2025
CWE ID 601

Summary

CVE-2025-23086 affects Brave Browser versions 1.70.x-1.73.x on most desktop platforms. The browser displays a site's origin on the OS-provided file selector dialog, and in certain cases that origin is inferred incorrectly. When this happens and a trusted site has an open redirector vulnerability, a malicious site can initiate a download whose file selector dialog shows the trusted site's origin, which can deceive users into trusting and downloading potentially harmful files.
