Tuesday, September 2, 2025

Link preview mismatch CVE-2025-56139

Security Advisory: LinkedIn Link Preview Mismatch Enables Deception and Phishing Attacks.

CVE ID: CVE-2025-56139

Affected Platform: LinkedIn Mobile Application

Affected versions: Android 4.1.1110 (Sep 2025) and earlier


Overview

A vulnerability was discovered in the way the LinkedIn mobile application handles link previews.
When a user pastes a link into a post and then replaces it with a malicious URL before publishing, the app fails to regenerate the preview. The published post shows a preview that was generated for the first, trusted URL while the link itself points to the attacker's destination, a visual mismatch that readers cannot detect from the preview card alone.


Security Impact

  • User Deception: Victims trust legitimate-looking previews generated by LinkedIn.
  • Phishing & Credential Theft: Attackers can redirect users to fake login portals.
  • Data Theft: Sensitive data, personal credentials, or corporate logins may be stolen.
  • Malware Delivery: Victims may be redirected to malicious websites hosting spyware/ransomware.
  • Exploitation via Ads: Attackers can amplify reach using LinkedIn’s advertising system.

Technical Details

  • LinkedIn builds link previews from the Open Graph metadata (og:title, og:image, og:url) it fetches from the linked page.
  • The preview is generated only once, when the first URL is pasted into the post.
  • If that URL is later replaced before publishing, LinkedIn does not re-fetch metadata for the new URL.
  • The stale preview is attached to the post, creating a mismatch between the preview content and the actual link destination.

Platform-Specific Behavior

  • LinkedIn Mobile App: Vulnerable (retains old preview).
  • LinkedIn Web Version: Preview updates correctly (not vulnerable).

This confirms the issue is specific to the mobile app. It maps to CWE-451 (User Interface (UI) Misrepresentation of Critical Information): the preview card misrepresents the destination of the link, which is the one piece of information a user needs to decide whether to click.


Responsible Disclosure

I previously reported this issue via LinkedIn’s bug bounty program (HackerOne). The report was closed as Informative. 

Date: July 2, 2025 

Report ID: #3235035


Recommendations for LinkedIn

  • Invalidate and regenerate previews whenever a link is replaced.
  • Provide UI warnings when URLs are changed after preview generation.
  • Ensure the actual destination URL is clearly visible to users before they click, whether or not a link preview is displayed.
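As an added illustration of the Technical Details and Recommendations above (example code written for this page, not LinkedIn's implementation), the following JavaScript models a post composer that builds an Open Graph preview. The vulnerable composer fetches the preview once for the first pasted URL and keeps it when the link is replaced; the hardened composer regenerates the preview on every link change and refuses to publish a preview that was not generated for the final link. The two HTML documents, the hostnames `intranet.example.com` and `intranet-example.phish.test`, the composer API and the `sourceUrl` field are all constructed for the demo; the real app's server-side fetch is replaced by a lookup into the constructed pages.

```javascript
// Constructed HTML for two hypothetical sites (not real pages). The second
// imitates the first's Open Graph tags, as a phisher would; the point of the
// demo is that the vulnerable composer never even asks the second page for metadata.
const PAGES = {
  "https://intranet.example.com/benefits": `<html><head>
    <meta property="og:title" content="2025 Benefits Enrollment">
    <meta property="og:image" content="https://intranet.example.com/og.png">
    <meta property="og:url" content="https://intranet.example.com/benefits">
    </head><body>...</body></html>`,
  "https://intranet-example.phish.test/login": `<html><head>
    <meta property="og:title" content="Sign in">
    <meta property="og:image" content="https://intranet-example.phish.test/og.png">
    <meta property="og:url" content="https://intranet-example.phish.test/login">
    </head><body>...</body></html>`,
};

// Minimal Open Graph extractor: reads <meta property="og:..." content="..."> tags.
// Attribute order and double quoting are assumed to match the constructed pages.
function parseOpenGraph(html) {
  const og = {};
  const re = /<meta\s+property="og:([a-z:_]+)"\s+content="([^"]*)"\s*\/?>/g;
  let m;
  while ((m = re.exec(html)) !== null) og[m[1]] = m[2];
  return og;
}

// Stand-in for the server-side "unfurl" fetch (a real implementation does an HTTP GET).
// sourceUrl records which link the preview was generated for.
function fetchPreview(url) {
  const html = PAGES[url];
  if (html === undefined) return null;
  const og = parseOpenGraph(html);
  return { title: og.title, image: og.image, sourceUrl: url };
}

// Vulnerable composer: the preview is fetched for the first URL pasted and kept
// no matter how the link changes afterwards (the mobile-app behaviour described above).
class VulnerableComposer {
  constructor() { this.link = null; this.preview = null; }
  setLink(url) {
    this.link = url;
    if (this.preview === null) this.preview = fetchPreview(url);  // only the first time
  }
  publish() { return { link: this.link, preview: this.preview }; }
}

// Hardened composer: replacing the link invalidates the preview and re-fetches it,
// and publish() refuses to attach a preview that was not generated for the final link.
class HardenedComposer {
  constructor() { this.link = null; this.preview = null; }
  setLink(url) {
    if (url !== this.link) {
      this.link = url;
      this.preview = fetchPreview(url);  // regenerate on every replacement
    }
  }
  publish() {
    const preview = this.preview;
    if (preview !== null && preview.sourceUrl !== this.link) {
      throw new Error("preview/link mismatch: " + preview.sourceUrl + " vs " + this.link);
    }
    return { link: this.link, preview };
  }
}

// Viewer-side checks: a post's preview must have been generated for its link, and the
// destination host should be rendered next to the card so the reader sees where the
// click actually goes even when the preview itself looks trustworthy.
function previewMatchesLink(post) {
  return post.preview === null || post.preview.sourceUrl === post.link;
}

function destinationHost(post) {
  return new URL(post.link).hostname;
}

// Replay the attack: paste a trusted link, then replace it before publishing.
function runScenario(ComposerClass) {
  const c = new ComposerClass();
  c.setLink("https://intranet.example.com/benefits");
  c.setLink("https://intranet-example.phish.test/login");
  return c.publish();
}
```

With `runScenario(VulnerableComposer)` the published post carries the "2025 Benefits Enrollment" card while its link points at `intranet-example.phish.test`, and `previewMatchesLink` returns false; with `runScenario(HardenedComposer)` the card is the one fetched for the final URL. The `sourceUrl` binding is what makes the server-side validation in `publish()` possible: the preview is treated as derived data that is only valid for the URL it was derived from, not as free-standing content the client may pair with any link.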

Researcher: Aiman Al-Hadhrami – Independent Cybersecurity Researcher


