CVE-2025-56520

Medium CVSS: 5.3

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720.

Vendor

Dify

Product

Dify

CWE

CWE-918

Yayın Tarihi

2025-09-30 17:15:41

Güncelleme

2025-10-07 13:20:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-918 Dify MEDIUM Dify 2025

Referanslar

https://github.com/langgenius/dify/issues/22532

Benzer Kayıtlar

Medium

CVE-2026-21866

Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rend…

Medium

CVE-2026-28288

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-exi…

Medium

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been foun…

High

CVE-2025-67732

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the…

High

CVE-2025-0185

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in…

High

CVE-2024-11822

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due…