PT-2025-4816 · Brave · Brave Browser

Syarif07 · Published 2025-01-21 · Updated 2025-07-20 · CVE-2025-23086

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Brave Browser versions 1.70.x through 1.73.x

Description

The issue arises from a feature that displays a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However, the origin is not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.

Recommendations

For Brave Browser versions 1.70.x through 1.73.x, consider disabling the feature that shows a site's origin on the OS-provided file selector dialog until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2025-23086

Affected Products

Brave Browser