- Home
- Alerts & Advisories
- Alerts
- Vulnerability in DuckDuckGo Browser for Android
Vulnerability in DuckDuckGo Browser for Android
8 October 2025
CSA has issued 1 CVE ID to a vulnerability in DuckDuckGo Browser for Android. Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.
Background
DuckDuckGo has released security updates to address a vulnerability (CVE-2025-48464) in their browser.
Impact
CVE-2025-48464: Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.
Affected Products
The vulnerability affects DuckDuckGo Browser versions 5.246.0 and below on Android 13 and earlier.
Mitigation
Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.
Credits
CSA would like to express appreciation to Mr Leng Kang Hao, who discovered the vulnerability.
CSA would also like to thank DuckDuckGo for the collaboration on the coordinated disclosure of the vulnerability.
References