CVE-2025-15032

HIGH
2026-01-16 59469e6c-7ea7-446f-8e43-06aa32c115e8
7.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 16, 2026 - 19:16 nvd
HIGH 7.4

Tags

Windows macOS

Description

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.

Analysis

blank indicator in custom-sized new windows in Dia versions up to 1.9.0 is affected by improper restriction of rendered ui layers or frames (CVSS 7.4).

Technical Context

This vulnerability (CWE-1021: Improper Restriction of Rendered UI Layers or Frames) affects blank indicator in custom-sized new windows in Dia. Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.

Affected Products

Product: blank indicator in custom-sized new windows in Dia. Versions: up to 1.9.0.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +37
POC: 0

Share

CVE-2025-15032 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy