313 matches found
CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
CVE-2025-32796
Dify (open‑source LLM app platform) prior to version 0.6.12 is affected by an access control flaw where normal users can enable/disable apps via the API despite UI restrictions. The root cause is an insufficiently enforced permissions model, allowing non‑admin changes that can disrupt app functio...
CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...
CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...
CVE-2025-32795
CVE-2025-32795 affects Dify, an open-source LLM app development platform. Prior to version 0.6.12, a misconfigured access control allowed normal/non-admin users to edit app details (names, descriptions, icons) despite not having permission to view apps, compromising integrity. Root cause: insuffi...
CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...
CVE-2025-32790
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...
CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...
CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...
CVE-2025-32790
CVE-2025-32790 affects Dify versions 0.6.8 and earlier. The vulnerability allows normal users to export APP DSL via the /export feature due to insufficient access control. Root cause: improper permission checks enabling export without admin privileges. Documented impacts indicate potential exposu...
CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...
PT-2025-17317 · Dify · Dify
Name of the Vulnerable Software and Affected Versions: Dify versions prior to 0.6.12 Description: A security issue was identified in Dify, an open-source LLM app development platform, where normal users are improperly granted permissions to edit app names, descriptions, and icons. This access...
dify 安全漏洞
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from the fact that a normal user can enable or disable the app via the API...
PT-2025-17294 · Dify · Dify
Name of the Vulnerable Software and Affected Versions: Dify versions 0.6.8 and prior Description: A vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in "/export" should only allow administrator users to export DSL...
dify 安全漏洞
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from a regular user being incorrectly granted permission to edit the app name and description...
PT-2025-17318 · Dify · Dify
Name of the Vulnerable Software and Affected Versions: Dify versions prior to 0.6.12 Description: A vulnerability was identified in Dify, an open-source LLM app development platform, where normal users can enable or disable apps through the API, despite not being permitted to make such changes...
dify 安全漏洞
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify version 0.6.8 and earlier, which stems from a common user being incorrectly granted permission to export an APP DSL...
CVE-2025-29720
Dify v1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component controllers.console.remotefiles.RemoteFileUploadApi...