# CVE-2025-15032: New Window Missing about:blank Spoofing Risk
## Overview
Dia for macOS before version 1.9.0 has a missing about:blank indication defect that may lead to window title spoofing.
## Affected Versions
Dia for macOS versions before 1.9.0
## Details
When a new window of custom size is created, the browser does not correctly display the about:blank context indication. An attacker could exploit this to forge a trusted domain name in the window title.
## Impact
An attacker can mislead users by spoofing the window title, making them believe they are on a trusted website and leading them to trust malicious content.
Web vulnerability: Unknown
Title: Dia Browser | Security Bulletins -- 🔗 Source link
Shenlong quick read:
## Vulnerability Information from the Screenshot
### CVE-2025-15032: Increased Spoofing Risk; Custom New Window Missing about:blank
- **Summary**: Increased spoofing risk in affected macOS versions of Dia.
- **CVE ID**: CVE-2025-15032
- **Advisory Release Date**: Fri, Jan 16, 2026
- **Affected Version**: Dia version <1.9.0
- **Severity**: High
**Details**:
- An attacker-controlled site could open a new custom-sized window without displaying `about:blank` in the URL bar, potentially misleading users about the site.
- Fixed in Dia version 1.9.1.
### CVE-2025-13132: Increased Spoof Risk; Missing Full Screen Toast
- **Summary**: Increased spoof risk in affected macOS versions of Dia.
- **CVE ID**: CVE-2025-13132
- **Advisory Release Date**: Fri, Nov 21, 2025
- **Affected Versions**: Dia versions <1.6
- **Severity**: High
**Details**:
- Sites could enter fullscreen mode without a fullscreen notification, potentially misleading users.
- Fixed in Dia version 1.6.
### Additional Information
- Both vulnerabilities have a severity rating of High with CVSS scores of 7.4 and 7.5 respectively.
- Users should update to the latest Dia versions to mitigate these risks.