CVE-2025-32795

6.5 MEDIUM

📋 TL;DR

This CVE describes an improper access control vulnerability in Dify, an open-source LLM app development platform. Normal users can modify app names, descriptions, and icons despite lacking proper permissions, compromising application integrity. All Dify instances running versions before 0.6.12 are affected.

💻 Affected Systems

Products:
  • Dify
Versions: All versions prior to 0.6.12
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable by any authenticated normal (non-admin) user account, so every deployment that provisions such accounts is exposed; admin accounts are not the problem, since they are already permitted to edit app details.

📦 What is this software?

Dify is an open-source platform for developing LLM applications (https://github.com/langgenius/dify).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious users could modify or deface critical applications, inject misleading information, or disrupt business operations by altering app metadata.

🟠

Likely Case

Unauthorized users tamper with app details, causing confusion, data integrity issues, or minor operational disruptions.

🟢

If Mitigated

With proper RBAC, only authorized admins can modify app details, preventing unauthorized changes.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user access; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.12

Vendor Advisory: https://github.com/langgenius/dify/security/advisories/GHSA-gg5w-m2vw-vmmj

Restart Required: Yes

Instructions:

  1. Back up your Dify instance.
  2. Update Dify to version 0.6.12 or later using your deployment method (e.g., Docker, Kubernetes, manual install).
  3. Restart the Dify services.
  4. Verify the update by checking the version.

🔧 Temporary Workarounds

Manual RBAC Enforcement

Platform: all

Enforce the check that vulnerable versions omit: restrict app modification (name, description, icon) to admin users only, for example by applying the change from the vendor advisory to your deployment as a local patch until you can upgrade.
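To make the workaround concrete, here is an added illustrative example (not Dify's code) of the bug class: an app-metadata update handler that checks only that the caller is logged in, beside a hardened version that checks the caller's workspace role and allow-lists the editable fields. The User and App classes, the role names and the require_role decorator are assumptions made for the illustration.

```python
# Added illustrative example, not Dify's code: a minimal app-metadata update
# handler in the vulnerable shape (authentication only, no authorization check)
# next to a hardened version that enforces a workspace-role check and an
# allow-list of editable fields. Role names, the require_role decorator and the
# data classes are assumptions made for this illustration.
from dataclasses import dataclass
from functools import wraps


class Forbidden(Exception):
    """Raised when the caller's workspace role may not perform the action."""


@dataclass
class User:
    name: str
    role: str  # assumed workspace roles: "owner", "admin", "editor", "normal"


@dataclass
class App:
    name: str
    description: str = ""
    icon: str = ""


# Roles allowed to change app metadata. The advisory wording is "admin users";
# which roles you include is a policy decision for your deployment.
EDIT_ROLES = frozenset({"owner", "admin"})
# Fields a caller may set; anything else is rejected (no mass assignment).
EDITABLE_FIELDS = frozenset({"name", "description", "icon"})


def update_app_vulnerable(user: User, app: App, **fields) -> App:
    """Vulnerable pattern: any authenticated user, whatever their role, may edit."""
    for key, value in fields.items():
        setattr(app, key, value)
    return app


def require_role(*roles: str):
    """Decorator: reject the call unless the first argument's role is allowed."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user: User, *args, **kwargs):
            if user.role not in roles:
                raise Forbidden(f"role {user.role!r} may not call {fn.__name__}")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


@require_role(*EDIT_ROLES)
def update_app_fixed(user: User, app: App, **fields) -> App:
    """Hardened pattern: role check first, then only allow-listed fields."""
    unknown = set(fields) - EDITABLE_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    for key, value in fields.items():
        setattr(app, key, value)
    return app


def demo() -> tuple:
    """Run both handlers against a normal user; return (final name, normal user blocked)."""
    normal = User("alice", "normal")
    admin = User("bob", "admin")
    app = App("Support Bot", "Answers tickets")

    update_app_vulnerable(normal, app, name="DEFACED")   # silently succeeds
    try:
        update_app_fixed(normal, app, name="DEFACED again")
        blocked = False
    except Forbidden:
        blocked = True
    update_app_fixed(admin, app, name="Support Bot")      # admins still can
    return app.name, blocked


if __name__ == "__main__":
    print(demo())
```

The role check runs before any field is touched, and the field allow-list is a separate guard: even a permitted role cannot slip in attributes the endpoint was never meant to expose.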

🧯 If You Can't Patch

  • Limit workspace membership to trusted accounts and remove normal-user accounts you do not need, since any authenticated normal user can reach the app modification features.
  • Monitor and audit app modification logs for changes made by non-admin accounts and alert on them.

🔍 How to Verify

Check if Vulnerable:

Check the Dify version; if it is below 0.6.12, the system is vulnerable. Confirm by logging in as a non-admin user and trying to change the name, description, or icon of a throwaway test app; if the change is saved, the instance is vulnerable.

Check Version:

Check the Dify web interface or deployment logs for the version number, or, for Docker deployments, run 'docker ps' and read the image tag of the Dify containers.

Verify Fix Applied:

After updating to 0.6.12 or later, verify that non-admin users cannot modify app names, descriptions, or icons.
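The checks above as an added script (example code, not from the advisory or the Dify project). The version comparison needs no assumptions; the optional live test assumes the console endpoint PUT {base}/console/api/apps/{app_id} with a bearer token and a minimal JSON body, which may differ on your deployment, and it should be pointed at a throwaway test app using a normal user's token.

```python
# Added example, not from the advisory or the Dify project: checks a deployment
# for CVE-2025-32795 by comparing the reported version with the fixed release and,
# optionally, by attempting an app-metadata edit with a NORMAL user's session
# token and reading the server's verdict. Assumptions: the console endpoint is
# PUT {base}/console/api/apps/{app_id}, it accepts a bearer token, and the body
# shown is enough for an update; adjust to your deployment, use a test app.
import json
import re
import sys
import urllib.error
import urllib.request
from typing import Optional

FIXED_VERSION = (0, 6, 12)


def parse_version(text: str) -> Optional[tuple]:
    """Extract the first x.y.z triple from strings like 'v0.6.11' or '0.6.12-rc1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_vulnerable_version(text: str) -> Optional[bool]:
    """True if below 0.6.12, False if 0.6.12 or later, None if unparseable.

    Compares integer tuples, not strings: as strings "0.6.9" would sort after
    "0.6.12" and be wrongly reported as patched.
    """
    v = parse_version(text)
    return None if v is None else v < FIXED_VERSION


def classify_edit_response(status: int) -> str:
    """Map the HTTP status of a normal user's edit attempt to a verdict."""
    if 200 <= status < 300:
        return "VULNERABLE: normal user changed app metadata"
    if status in (401, 403):
        return "FIXED: server rejected the normal user's edit"
    if status == 404:
        return "INCONCLUSIVE: app or endpoint not found (check app_id and path)"
    return f"INCONCLUSIVE: unexpected HTTP {status}"


def try_app_edit(base_url: str, token: str, app_id: str, new_name: str) -> int:
    """Attempt the edit with the supplied normal-user token; return the HTTP status."""
    url = f"{base_url.rstrip('/')}/console/api/apps/{app_id}"  # assumed path
    body = json.dumps({"name": new_name}).encode()
    req = urllib.request.Request(
        url, data=body, method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def main(argv: list) -> int:
    if len(argv) not in (2, 5):
        print("usage: check.py <version> [<base_url> <normal_user_token> <test_app_id>]")
        return 2
    verdict = is_vulnerable_version(argv[1])
    label = {True: "below 0.6.12, vulnerable",
             False: "0.6.12 or later, patched",
             None: "could not parse"}[verdict]
    print(f"version {argv[1]}: {label}")
    if len(argv) == 5:
        status = try_app_edit(argv[2], argv[3], argv[4], "cve-2025-32795-check")
        print(f"edit attempt returned HTTP {status}: {classify_edit_response(status)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with just the version string for an offline answer, or add the base URL, a normal user's token and a test app id to confirm behaviour against a live instance; a 2xx on the edit means the role check is missing regardless of what the version banner says.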

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing app modifications by non-admin users
  • Unauthorized access attempts to app editing endpoints

Network Indicators:

  • HTTP write requests (PUT/POST) to app modification endpoints from non-admin user accounts

SIEM Query:

source="dify_logs" AND (event="app_modified" OR (endpoint="/api/apps/*" AND method IN ("PUT", "POST"))) AND user_role!="admin"

Field names (event, endpoint, method, user_role) are illustrative; map them to your log schema. Without the method filter the endpoint wildcard also matches ordinary reads of app details by non-admin users.
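The rule above as runnable detection logic over constructed sample log lines (an added example, not part of the original page). The JSON field names and the /console/api/apps/ path prefix are assumptions about the log schema; adapt them to what your reverse proxy or API actually emits.

```python
# Added example, not part of the original page: the SIEM rule expressed as
# detection logic and run over constructed JSON access-log lines. The log schema
# (user, user_role, method, path, status) and the /console/api/apps/ path prefix
# are assumptions; map them to whatever your Dify reverse proxy or API emits.
import json
import re
from typing import Dict, Iterable, List

# Constructed sample log lines (not real Dify output), one JSON object per line.
SAMPLE_LOGS = """\
{"ts":"2025-04-10T09:12:01Z","user":"alice","user_role":"normal","method":"PUT","path":"/console/api/apps/3f9c","status":200}
{"ts":"2025-04-10T09:12:05Z","user":"bob","user_role":"admin","method":"PUT","path":"/console/api/apps/3f9c","status":200}
{"ts":"2025-04-10T09:12:09Z","user":"carol","user_role":"normal","method":"GET","path":"/console/api/apps/3f9c","status":200}
{"ts":"2025-04-10T09:12:14Z","user":"alice","user_role":"normal","method":"PUT","path":"/console/api/apps/3f9c","status":403}
this line is not JSON and must not crash the detector
{"ts":"2025-04-10T09:12:20Z","user":"dave","user_role":"normal","method":"POST","path":"/console/api/apps/3f9c/icon","status":200}
{"ts":"2025-04-10T09:12:25Z","user":"erin","user_role":"normal","method":"POST","path":"/console/api/apps","status":201}
"""

# Only writes against a specific existing app; creating a new app (POST to the
# collection path) is a different permission and is deliberately not matched.
APP_EDIT_PATH = re.compile(r"^/console/api/apps/[^/]+(?:/.*)?$")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
PRIVILEGED_ROLES = {"admin", "owner"}  # roles allowed to edit; tune to your policy


def detect(lines: Iterable[str]) -> List[Dict]:
    """Flag write requests to an app's metadata made by non-privileged roles.

    A 2xx answer means the change went through (the vulnerable behaviour);
    anything else is still an attempt worth alerting on, matching the page's
    'unauthorized access attempts' indicator.
    """
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it, never abort the pipeline
        if ev.get("method") not in WRITE_METHODS:
            continue
        if not APP_EDIT_PATH.match(ev.get("path", "")):
            continue
        if ev.get("user_role") in PRIVILEGED_ROLES:
            continue
        status = int(ev.get("status", 0))
        alerts.append({
            "ts": ev.get("ts"),
            "user": ev.get("user"),
            "role": ev.get("user_role"),
            "method": ev["method"],
            "path": ev["path"],
            "status": status,
            "verdict": "modified" if 200 <= status < 300 else "attempted",
        })
    return alerts


def summarize(alerts: List[Dict]) -> Dict[str, int]:
    """Count alerts by verdict, e.g. {'modified': 2, 'attempted': 1}."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a["verdict"]] = counts.get(a["verdict"], 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(SAMPLE_LOGS.splitlines())
    for a in found:
        print(f"{a['ts']} {a['verdict']:9} {a['user']}({a['role']}) "
              f"{a['method']} {a['path']} -> {a['status']}")
    print(summarize(found))
```

On the sample above the detector reports alice's successful edit, alice's later rejected attempt, and dave's icon change, while ignoring bob's admin edit, carol's read, and erin's app creation; after patching, the same rule keeps paying off because every remaining hit is an "attempted" entry showing who is probing the endpoint.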

🔗 References

  • Vendor advisory: https://github.com/langgenius/dify/security/advisories/GHSA-gg5w-m2vw-vmmj
