MultiApp-CVE-2025-14174


Lookout Coverage and Recommendation for Admins
Lookout will provide coverage for this vulnerability on December 23, 2025. To ensure your devices are protected from active exploitation of CVE-2025-14174, Lookout admins should take the following steps in their Lookout console:
- Immediately set your mobile security policy to enforce minimum patched operating system versions, ensuring browsers are updated to Chrome 143.0.7499.109 and Edge 143.0.3650.80 or higher.
- Choose whether to immediately warn or block non-compliant devices from accessing work apps and data until their operating system or browser is updated.
- If your risk policies allow for a grace period, set the policy to escalate in severity and in the limitations placed on the user over a short period of time that aligns with your policies.
- Leverage mobile EDR to integrate mobile device and app vulnerability data into your SIEM, SOAR, or XDR solution for real-time monitoring of potential exploitation attempts.
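The version floor and the warn-then-block escalation from the steps above can be checked against a device inventory export. This is an added example, not Lookout's code or console API; the inventory record format, the three-day grace period and the function names are assumptions, and the sample devices are constructed.

```python
from datetime import date

# Minimum patched versions stated in the advisory.
MIN_PATCHED = {"chrome": (143, 0, 7499, 109), "edge": (143, 0, 3650, 80)}

def parse_version(text):
    """'143.0.7499.109' -> (143, 0, 7499, 109); ValueError if not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(browser, version):
    """True if version is at or above the advisory minimum for that browser."""
    minimum = MIN_PATCHED[browser.lower()]
    got = parse_version(version)
    width = max(len(got), len(minimum))
    # Compare numerically, padding short versions so '143.0' reads as 143.0.0.0.
    return got + (0,) * (width - len(got)) >= minimum + (0,) * (width - len(minimum))

def policy_action(device, today, policy_start, grace_days=3):
    """Return 'compliant', 'warn', 'block' or 'review' for one inventory record."""
    unpatched = unknown = False
    for browser, version in device["browsers"].items():
        if browser.lower() not in MIN_PATCHED:
            continue  # the advisory gives no minimum for this browser
        try:
            unpatched |= not is_patched(browser, version)
        except ValueError:
            unknown = True  # cannot prove this version is patched
    if unpatched:
        # Escalate: warn during the grace period, block once it has elapsed.
        return "warn" if (today - policy_start).days < grace_days else "block"
    return "review" if unknown else "compliant"

# Constructed sample inventory (hypothetical record format).
INVENTORY = [
    {"id": "dev-01", "browsers": {"Chrome": "143.0.7499.109"}},
    {"id": "dev-02", "browsers": {"Chrome": "143.0.7499.40", "Edge": "143.0.3650.96"}},
    {"id": "dev-03", "browsers": {"Edge": "142.0.3595.94"}},
    {"id": "dev-04", "browsers": {"Chrome": "unknown"}},
]

def evaluate(inventory, today, policy_start, grace_days=3):
    return {d["id"]: policy_action(d, today, policy_start, grace_days) for d in inventory}

if __name__ == "__main__":
    for dev, action in evaluate(INVENTORY, date(2025, 12, 24), date(2025, 12, 23)).items():
        print(dev, action)
```

The comparison is done on integer tuples because a plain string comparison would rank 143.0.7499.40 above 143.0.7499.109 and pass an unpatched Chrome build.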
Overview
CISA has listed an actively exploited zero-day vulnerability, CVE-2025-14174, in its advisory for December 2025. This zero-day vulnerability is rated High severity (CVSS ~8.8) and was discovered being exploited in the wild, likely as part of sophisticated mercenary spyware campaigns targeting high-profile individuals such as journalists and government officials.
CVE-2025-14174 is a memory corruption vulnerability (out-of-bounds memory access in ANGLE), where the browser engine attempts to read data from or write data beyond the allowed limits of a memory buffer, leading to corruption. It can be exploited using maliciously crafted web content to execute arbitrary code. This has been fixed with improved validation.
CISA has added this CVE to its Known Exploited Vulnerabilities (KEV) Catalog. Federal Civilian Executive Branch (FCEB) agencies are required to remediate CVE-2025-14174 by January 2, 2026. While CISA’s requirement applies only to the U.S. government, enterprise organizations should use its guidance as a benchmark and devise an update plan of their own with a deadline for employees to update to the latest versions of the applicable operating system.
Lookout Analysis
The exploitation of this vulnerability typically follows these steps:
- Preparation: A threat actor crafts malicious web content designed to trigger the memory corruption flaw.
- Delivery: A target is directed to the content via a link in a message, email, or an embedded web view.
- Exploitation: The engine processes the content, triggering the flaw and allowing the attacker to execute arbitrary code to install spyware.
- Impact: The exploit can bypass platform protections to collect sensitive data, including messages, location, and microphone/camera access.

