CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-0185

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user inputs before executing queries using the Pandas library. This can potentially lead to Remote Code Execution (RCE) if exploited.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.2%

CVSS Severity

CVSS v3 Score 8.8

References

https://huntr.com/bounties/7d9eb9b2-7b86-45ed-89bd-276c1350db7e
https://huntr.com/bounties/7d9eb9b2-7b86-45ed-89bd-276c1350db7e

Products affected by CVE-2025-0185

Dify » Dify » Version: N/A

cpe:2.3:a:dify:dify:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-0185

Products

Pricing

Contact Us