Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Vulnerability in DuckDuckGo Browser for Android

8 October 2025

CSA has issued 1 CVE ID to a vulnerability in DuckDuckGo Browser for Android. Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.

Background

DuckDuckGo has released security updates to address a vulnerability (CVE-2025-48464) in their browser.

Impact

CVE-2025-48464: Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.

Affected Products

The vulnerability affects DuckDuckGo Browser versions 5.246.0 and below on Android 13 and earlier.

Mitigation

Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.

Credits

CSA would like to express appreciation to Mr Leng Kang Hao, who discovered the vulnerability.

CSA would also like to thank DuckDuckGo for the collaboration on the coordinated disclosure of the vulnerability.

References

https://tuxplorer.com/posts/dont-leave-me-outdated/

Back to top