Ultimate Guide: CVE-2025-65922 - Planka Clickjacking Vulnerability

CVE ID: CVE-2025-65922

Published: Jan. 5, 2026, 6:15 p.m.

Description: PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka application on a malicious site to establish false trust (UI Redressing), potentially tricking users into entering sensitive information or credentials into overlaid fake forms. NOTE: this is disputed by the Supplier because

CVE Details

Published: Jan. 5, 2026

Source: Telegram CVE Monitor