Vulnerability Details CVE-2025-32790
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.9%
CVSS Severity
CVSS v3 Score 6.3
References
Products affected by CVE-2025-32790
-
cpe:2.3:a:langgenius:dify:0.2.1
-
cpe:2.3:a:langgenius:dify:0.2.2
-
cpe:2.3:a:langgenius:dify:0.3.0
-
cpe:2.3:a:langgenius:dify:0.3.1
-
cpe:2.3:a:langgenius:dify:0.3.10
-
cpe:2.3:a:langgenius:dify:0.3.11
-
cpe:2.3:a:langgenius:dify:0.3.12
-
cpe:2.3:a:langgenius:dify:0.3.13
-
cpe:2.3:a:langgenius:dify:0.3.14
-
cpe:2.3:a:langgenius:dify:0.3.15
-
cpe:2.3:a:langgenius:dify:0.3.16
-
cpe:2.3:a:langgenius:dify:0.3.17
-
cpe:2.3:a:langgenius:dify:0.3.18
-
cpe:2.3:a:langgenius:dify:0.3.19
-
cpe:2.3:a:langgenius:dify:0.3.2
-
cpe:2.3:a:langgenius:dify:0.3.20
-
cpe:2.3:a:langgenius:dify:0.3.21
-
cpe:2.3:a:langgenius:dify:0.3.22
-
cpe:2.3:a:langgenius:dify:0.3.23
-
cpe:2.3:a:langgenius:dify:0.3.24
-
cpe:2.3:a:langgenius:dify:0.3.25
-
cpe:2.3:a:langgenius:dify:0.3.26
-
cpe:2.3:a:langgenius:dify:0.3.27
-
cpe:2.3:a:langgenius:dify:0.3.28
-
cpe:2.3:a:langgenius:dify:0.3.29
-
cpe:2.3:a:langgenius:dify:0.3.3
-
cpe:2.3:a:langgenius:dify:0.3.30
-
cpe:2.3:a:langgenius:dify:0.3.31
-
cpe:2.3:a:langgenius:dify:0.3.32
-
cpe:2.3:a:langgenius:dify:0.3.33
-
cpe:2.3:a:langgenius:dify:0.3.34
-
cpe:2.3:a:langgenius:dify:0.3.4
-
cpe:2.3:a:langgenius:dify:0.3.5
-
cpe:2.3:a:langgenius:dify:0.3.6
-
cpe:2.3:a:langgenius:dify:0.3.7
-
cpe:2.3:a:langgenius:dify:0.3.8
-
cpe:2.3:a:langgenius:dify:0.3.9
-
cpe:2.3:a:langgenius:dify:0.4.0
-
cpe:2.3:a:langgenius:dify:0.4.1
-
cpe:2.3:a:langgenius:dify:0.4.2
-
cpe:2.3:a:langgenius:dify:0.4.3
-
cpe:2.3:a:langgenius:dify:0.4.4
-
cpe:2.3:a:langgenius:dify:0.4.5
-
cpe:2.3:a:langgenius:dify:0.4.6
-
cpe:2.3:a:langgenius:dify:0.4.7
-
cpe:2.3:a:langgenius:dify:0.4.8
-
cpe:2.3:a:langgenius:dify:0.4.9
-
cpe:2.3:a:langgenius:dify:0.5.0
-
cpe:2.3:a:langgenius:dify:0.5.1
-
cpe:2.3:a:langgenius:dify:0.5.10
-
cpe:2.3:a:langgenius:dify:0.5.11
-
cpe:2.3:a:langgenius:dify:0.5.2
-
cpe:2.3:a:langgenius:dify:0.5.3
-
cpe:2.3:a:langgenius:dify:0.5.4
-
cpe:2.3:a:langgenius:dify:0.5.5
-
cpe:2.3:a:langgenius:dify:0.5.6
-
cpe:2.3:a:langgenius:dify:0.5.7
-
cpe:2.3:a:langgenius:dify:0.5.8
-
cpe:2.3:a:langgenius:dify:0.5.9
-
cpe:2.3:a:langgenius:dify:0.6.0
-
cpe:2.3:a:langgenius:dify:0.6.1
-
cpe:2.3:a:langgenius:dify:0.6.10
-
cpe:2.3:a:langgenius:dify:0.6.11
-
cpe:2.3:a:langgenius:dify:0.6.12
-
cpe:2.3:a:langgenius:dify:0.6.2
-
cpe:2.3:a:langgenius:dify:0.6.3
-
cpe:2.3:a:langgenius:dify:0.6.4
-
cpe:2.3:a:langgenius:dify:0.6.5
-
cpe:2.3:a:langgenius:dify:0.6.6
-
cpe:2.3:a:langgenius:dify:0.6.7
-
cpe:2.3:a:langgenius:dify:0.6.8
-
cpe:2.3:a:langgenius:dify:0.6.9