Brave Browser Vulnerability Allows Malicious Website Appears as Trusted One

A security vulnerability has been identified in Brave Browser, potentially allowing malicious websites to masquerade as trusted ones during file upload or download operations.

The issue, tracked under CVE-2025-23086, affects specific versions of the Brave browser on desktop platforms, creating a risk for unsuspecting users.

Brave Browser Vulnerability

The vulnerability impacts Brave Browser versions 1.70.x to 1.73.x. A feature intended to display a website’s origin in the operating system’s file selector dialog failed to correctly infer the origin in certain scenarios.

This flaw, when exploited alongside an open redirector vulnerability on a trusted website, could allow malicious actors to initiate file downloads that appear to originate from the trusted site.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

For example, if a user interacts with a malicious website leveraging an open redirect on a legitimate, trusted domain, the ...