LINE iOS Client Man-in-the-Middle Vulnerability Due to Improper SSL/TLS Certificate Validation

Vulnerability

A man-in-the-middle vulnerability has been identified in the LINE client for iOS, affecting versions prior to 15.4. This issue arises from improper SSL/TLS certificate validation within an integrated financial SDK, which disrupts the application's network processing. As a result, server certificate verification is disabled for a large portion of network traffic. This flaw could enable a network-adjacent attacker to intercept or modify encrypted communications.

Impact

Exploitation of this vulnerability could lead to interception or modification of encrypted communications between the LINE client and servers, allowing attackers to conduct man-in-the-middle attacks.

Added: Dec 15, 2025, 7:21 AM

Updated: Dec 15, 2025, 7:21 AM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.0

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.0

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LINE iOS Client Man-in-the-Middle Vulnerability Due to Improper SSL/TLS Certificate Validation

Vulnerability

Impact

Affected Products

LINE

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating