CVE-2025-29720

CVE-2025-29720 affects Dify v1.0 with a Server-Side Request Forgery via controllers.console.remote_files.RemoteFileUploadApi. Root cause: SSRF in that API component. Impact per provided metrics: CVSS 3.1 base score 4.8 (Medium); attack vector Local, user interaction required; confidentiality, int...