CVE-2025-56157
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2025-12-19

Assigner: MITRE

Description
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-14
NVD
CVE-2025-56157
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
langgenius dify 1.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-56157 is a high-severity vulnerability in Dify versions up to 1.5.1 caused by hardcoded default PostgreSQL credentials in the docker-compose.yaml file. The PostgreSQL service uses the default username 'postgres' and password 'difyai123456'. If the PostgreSQL port 5432 is exposed to the internet or untrusted networks, attackers can remotely connect to the database using these credentials, gaining unauthorized access. [2]

Impact Analysis

This vulnerability can allow attackers to remotely connect to the PostgreSQL database using default credentials, leading to unauthorized access. Consequences include sensitive data disclosure, privilege escalation, and potentially remote code execution on the database container or host. Attackers can read, modify, or delete data and execute arbitrary system commands by exploiting PostgreSQL features or known vulnerabilities. [2]

Detection Guidance

You can detect this vulnerability by scanning your network for exposed PostgreSQL services on port 5432. Then, attempt to connect to the PostgreSQL database using the default credentials: username "postgres" and password "difyai123456". For example, use the command: psql -h <host> -p 5432 -U postgres -W and enter the password "difyai123456". If you can connect successfully, your system is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include changing the default PostgreSQL credentials to strong, unique passwords in the docker-compose.yaml or environment files, restricting network access by binding port 5432 only to localhost or removing external port mappings, and updating Dify to versions that address this issue or provide secure default configurations. [2]

Compliance Impact

The vulnerability allows unauthorized access to sensitive data due to default PostgreSQL credentials, which can lead to data disclosure and privilege escalation. This unauthorized access and potential data breach can result in non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding sensitive information and preventing unauthorized access. Therefore, the vulnerability negatively impacts compliance with these common standards and regulations. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56157. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart