Clickjacking Vulnerability in DIFY Application by Lang Genius
CVE-2025-43854
2.3LOW
What is CVE-2025-43854?
The DIFY open-source LLM app development platform contains a clickjacking vulnerability in its default setup prior to version 1.3.0. This flaw enables malicious actors to manipulate the web interface, deceiving users into unintentionally clicking on concealed elements. As a result, unauthorized actions can be performed, potentially jeopardizing users' security and privacy. Users are advised to update to version 1.3.0 to mitigate this risk.
Affected Version(s)
dify < 1.3.0