CVE-2025-63387

Published Dec 18, 2025

Last updated 2 months ago

CVSS high 7.5

Overview

Description
Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous access to sensitive system configuration data. NOTE: The maintainer states that the endpoint is unauthenticated by design and serves as a bootstrap mechanism required for the dashboard initialization. They also state that the description inaccurately classifies the returned data as sensitive system configuration, stating that the data is non-sensitive and required for client-side rendering. No PII, credentials, or secrets are exposed.
Source
cve@mitre.org
NVD status
Modified
CNA Tags
disputed
Products
dify

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-284

Social media

Hype score
Not currently trending

  1. #VulnerabilityReport #AIsecurity AI’s Exposed Side Door: Dify Flaw (CVE-2025-63387) Leaks System Configs to Anonymous Users https://t.co/WC1Flsvt8U

    @Komodosec

    28 Jan 2026

    73 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-63387 - medium 🚨 Dify v1.9.1 - Broken Access Control > Dify v1.9.1 contains an insecure permissions vulnerability caused by lack of authoriz... 👾 https://t.co/IzIMEkU4Ok @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    19 Dec 2025

    88 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. ⚠️⚠️ CVE-2025-63387: Unauthenticated Access to System Features in Dify /console/api/system-features API endpoint, authentication middleware 🔗FOFA Link: https://t.co/Sc4sSu3ZMJ 🎯85k+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="Dify

    @fofabot

    19 Dec 2025

    6065 Impressions

    16 Retweets

    79 Likes

    32 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2.CVE-2026-21866
  2. Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.CVE-2026-28288
  3. Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fixed in 1.13.0.CVE-2026-26023
  4. Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version 1.11.0 fixes the issue.CVE-2025-67732
  5. Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version 1.0.1 or later.CVE-2025-56157

References

Sources include official advisories and independent security research.