PT-2025-18093 · Dify · Dify

Credits: H0J3N, +1
Published: 2025-04-28
Updated: 2025-04-28
CVE-2025-43854
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Dify versions prior to 1.3.0
Description: A clickjacking issue was found in the default setup of the Dify application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed on the user's behalf, potentially compromising the security and privacy of users.
Recommendations: For versions prior to 1.3.0, update to version 1.3.0 to resolve the issue.
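Clickjacking is possible when a browser is allowed to render the application inside a frame on a third-party page, so after updating, operators usually want to confirm that the deployment actually sends a framing restriction. The check below is an added example written for this advisory; it is not Positive Technologies' or Dify's code and assumes nothing about how Dify 1.3.0 implements its fix. It classifies a set of HTTP response headers (constructed samples are included) by the two mechanisms browsers honour: the Content-Security-Policy `frame-ancestors` directive, which takes precedence, and the older `X-Frame-Options` header.

```python
"""Classify HTTP response headers by the clickjacking protection they provide.

Added example, not part of the advisory or of the Dify project. Only the two
headers browsers use for framing control are examined.
"""
from typing import Mapping, Optional


def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def frame_ancestors(csp: str) -> Optional[list[str]]:
    """Return the lower-cased source list of frame-ancestors, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def _permits_any_origin(sources: list[str]) -> bool:
    """A wildcard or a bare scheme source (e.g. 'https:') lets any site frame the page."""
    return any(s == "*" or (s.endswith(":") and "//" not in s) for s in sources)


def assess_framing(headers: Mapping[str, str]) -> str:
    """Return 'protected', 'restricted' or 'unprotected'.

    protected   - framing denied, or limited to the page's own origin
    restricted  - framing limited to an explicit allow-list of origins
    unprotected - an arbitrary site can embed the page (clickjacking possible)
    """
    csp = _header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            # When frame-ancestors is present, browsers ignore X-Frame-Options.
            if not sources or sources == ["'none'"] or sources == ["'self'"]:
                return "protected"  # an empty source list matches nothing
            if _permits_any_origin(sources):
                return "unprotected"
            return "restricted"

    xfo = _header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value in ("DENY", "SAMEORIGIN"):
            return "protected"
        # ALLOW-FROM is deprecated and ignored by current browsers; any other
        # value is invalid and is likewise ignored, so the page stays framable.
        return "unprotected"

    return "unprotected"


# Constructed sample responses (not captured from any real deployment).
SAMPLES = {
    "no_headers": {"Content-Type": "text/html"},
    "xfo_sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_allowlist": {"content-security-policy": "frame-ancestors 'self' https://portal.example"},
    "csp_overrides_xfo": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}


def assess_samples() -> dict[str, str]:
    """Run the check over every constructed sample."""
    return {name: assess_framing(h) for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in assess_samples().items():
        print(f"{name:20s} {verdict}")
```

The `csp_overrides_xfo` sample is the case that most often surprises operators: a strict `X-Frame-Options: DENY` is discarded as soon as a `frame-ancestors` directive is present, so a permissive CSP silently reopens the clickjacking vector. In practice the headers to feed this function come from a real response to the application's login or console page, fetched with any HTTP client.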

Exploit

Fix

Clickjacking


Weakness Enumeration

Related Identifiers

CVE-2025-43854
GHSA-JHGQ-CX3F-VJ5P

Affected Products

Dify