CVE-2025-3467
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-10
Assigner: huntr.dev
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langgenius | dify | up to 1.1.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-3467 is a Cross-Site Scripting (XSS) vulnerability in langgenius/dify versions prior to 1.1.3 that specifically affects Firefox browsers. An attacker sends a malicious payload in the published chat; when an administrator views that chat content through the monitoring or log function in Firefox, the XSS is triggered and the attacker can obtain the administrator's token. The root cause was improper sanitization of SVG content in the SVGRenderer component, which allowed scripts embedded in SVG to execute. [1]
How can this vulnerability impact me?
This vulnerability can have a severe impact: an attacker can steal the administrator's token when the administrator views malicious chat content in Firefox. With that token, the attacker could gain unauthorized access to administrative functions or sensitive data, resulting in a high impact on the confidentiality, integrity, and availability of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, monitor published chat messages for suspicious SVG content that may carry scripts. Since the vulnerability is triggered when an administrator views chat content in Firefox, inspecting SVG payloads in the chat logs is key. Use grep or a similar tool to find SVG tags in the chat logs, for example `grep -i '<svg' /path/to/chat/logs`, and then look for script tags or other active content inside the matched SVG. Additionally, testing the application in Firefox by sending crafted SVG payloads in chat and observing whether scripts execute can confirm the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating langgenius/dify to version 1.1.3 or later, which includes the fix that sanitizes SVG content using the DOMPurify library to prevent XSS attacks. If updating is not immediately possible, restrict administrator access to the monitoring/log function in Firefox browsers and avoid viewing published chat content that may contain SVGs. Additionally, consider sanitizing or filtering SVG content in chat messages before rendering to prevent malicious scripts from executing. [1]