CVE-2025-13132— Dia: Increased Spoof Risk; Missing full screen toast
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-13132
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dia: Increased Spoof Risk; Missing full screen toast
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification (toast) appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI (like a fake address bar.)
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不当限制渲染UI层或帧
Source: NVD (National Vulnerability Database)
Vulnerability Title
The Browser Company of New York Dia 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
The Browser Company of New York Dia是美国The Browser Company of New York公司的一个AI浏览器。 The Browser Company of New York Dia 1.6之前版本存在安全漏洞,该漏洞源于全屏模式下缺少通知提示,可能导致用户被误导。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Browser Company of New York | Dia | 0 ~ 1.6.0 | - |
II. Public POCs for CVE-2025-13132
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-13132
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-1021
- CVE-2026-3254
Improper Restriction of Rendered UI Layers or Frames in GitL - CVE-2026-2378
Address bar spoofing risk in ArcSearch on Android - CVE-2025-62328
HCL Nomad server on Domino is affected by a missing default - CVE-2025-58405
Lack of protection mechanisms against Clickjacking attacks - CVE-2026-27511
Tenda F3 Clickjacking in Web Management Interface
V. Comments for CVE-2025-13132
No comments yet