216.73.217.139

CVE-2025-43854

· Published 28/04/2025 16:15 · Modified 28/04/2025 18:15

Labels: CVE-2025-43854 2025-04-28CVE-2025-43854CWE-1021[email protected]

Essential information

Published
28/04/2025 16:15
Modified
28/04/2025 18:15
Author
Creator
CVSS
2.3 LOW (v3) 2.3 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed, potentially compromising the security and privacy of users. This issue has been fixed in version 1.3.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dify / dify cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*

References