CVE-2025-58747

Low CVSS: 2.0

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url provided by a remote MCP server is directly passed to window.open without validation or sanitization. An attacker can craft a malicious MCP server that returns a JavaScript URI (such as javascript:alert(1)) in the authorization_url field, which is then executed when the victim attempts to connect to the MCP server. This allows the attacker to execute arbitrary JavaScript in the context of the Dify application.

Vendor

Langgenius

Product

Dify

CWE

CWE-79

Yayın Tarihi

2025-10-17 16:15:38

Güncelleme

2025-10-29 19:16:27

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Dify LOW Langgenius 2025

Referanslar

https://github.com/langgenius/dify/commit/bfda4ce7e6f39d43a4420e97e23a18edcfe3e3d3 https://github.com/langgenius/dify/security/advisories/GHSA-9jch-j9qf-vqfw

Benzer Kayıtlar

High

CVE-2025-63387

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to th…

Critical

CVE-2025-56157

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file inclu…

Critical

CVE-2025-63386

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup en…

Critical

CVE-2025-63388

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-f…

Medium

CVE-2025-11750

In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning d…

Medium

CVE-2025-59422

Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /con…