CVE-2025-57769: PHP CSP Missing frame-ancestors
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | PHP | β
greprules fetch cve-2025-57769-php-csp-missing-frame-ancestors --engine opengrep

Description
The Content-Security-Policy (CSP) declaration is missing the 'frame-ancestors' directive. This allows the application to be embedded within an iframe on external domains, making it vulnerable to clickjacking (UI redressing) attacks. Ensure that 'frame-ancestors' is explicitly set (e.g., to 'none', 'self', or trusted URIs) when defining a CSP.
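As an added example (not code from the rule page or the rule's author), the PHP snippet below places the weak header beside the hardened one and adds a small helper that mirrors what the rule checks; the function names and policy strings are assumptions.

```php
<?php
// Added example for this rule page (not code from the rule or its author).
// Shows the weak CSP header beside the hardened one, plus a check that
// flags a policy with no frame-ancestors directive, as the rule does.
declare(strict_types=1);

/** True when the policy string carries a frame-ancestors directive. */
function csp_has_frame_ancestors(string $policy): bool
{
    foreach (explode(';', $policy) as $directive) {
        $tokens = preg_split('/\s+/', trim($directive), -1, PREG_SPLIT_NO_EMPTY);
        if (is_array($tokens) && $tokens !== [] && strtolower($tokens[0]) === 'frame-ancestors') {
            return true;
        }
    }
    return false;
}

/**
 * Send the CSP header; if the policy does not restrict framing, append
 * frame-ancestors 'none' so the page cannot be embedded anywhere.
 * Returns the policy actually sent.
 */
function send_csp(string $policy): string
{
    if (!csp_has_frame_ancestors($policy)) {
        $policy = rtrim($policy, "; ") . "; frame-ancestors 'none'";
    }
    header('Content-Security-Policy: ' . $policy);
    return $policy;
}

// Weak: the directive is absent, so browsers place no restriction on framing
// and the page can be loaded in an iframe on any origin.
$weak = "default-src 'self'; script-src 'self'";

// Hardened: framing is explicitly denied. Use 'self' or a list of trusted
// origins instead of 'none' when the page must be embedded somewhere.
$hardened = "default-src 'self'; script-src 'self'; frame-ancestors 'none'";

$sent = send_csp($weak); // header() must run before any output is echoed
echo csp_has_frame_ancestors($weak) ? "weak: ok\n" : "weak: missing frame-ancestors\n";
echo csp_has_frame_ancestors($hardened) ? "hardened: ok\n" : "hardened: missing\n";
echo "sent: $sent\n";
```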