VYPR
Medium severity6.1NVD Advisory· Published Jan 21, 2025· Updated Apr 15, 2026

CVE-2025-23086

CVE-2025-23086

Description

On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.

Affected products

2
  • Brave/Browserinferred2 versions
    >=1.70,<1.74+ 1 more
    • (no CPE)range: >=1.70,<1.74
    • (no CPE)range: 1.70.x - 1.73.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.