Description

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A patched version has not been released. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13.

INFO

Published Date :

2025-04-18T12:15:11.487Z

Last Modified :

2025-04-18T13:48:27.073Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32790 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32790.

URL Resource
https://github.com/langgenius/dify/commit/59ad091e69736bc9dc1a3bace62ec0a232346246 cve-icon cve-icon
https://github.com/langgenius/dify/pull/5841 cve-icon cve-icon
https://github.com/langgenius/dify/security/advisories/GHSA-jp6m-v4gw-5vgp cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact