CVE-2025-56157
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langgenius | dify | 1.5.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-56157 is a high-severity vulnerability in Dify versions up to 1.5.1 caused by hardcoded default PostgreSQL credentials in the docker-compose.yaml file. The PostgreSQL service uses the default username 'postgres' and password 'difyai123456'. If the PostgreSQL port 5432 is exposed to the internet or untrusted networks, attackers can remotely connect to the database using these credentials, gaining unauthorized access. [2]
How can this vulnerability impact me? :
This vulnerability can allow attackers to remotely connect to the PostgreSQL database using default credentials, leading to unauthorized access. Consequences include sensitive data disclosure, privilege escalation, and potentially remote code execution on the database container or host. Attackers can read, modify, or delete data and execute arbitrary system commands by exploiting PostgreSQL features or known vulnerabilities. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by scanning your network for exposed PostgreSQL services on port 5432. Then, attempt to connect to the PostgreSQL database using the default credentials: username "postgres" and password "difyai123456". For example, use the command: psql -h <host> -p 5432 -U postgres -W and enter the password "difyai123456". If you can connect successfully, your system is vulnerable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing the default PostgreSQL credentials to strong, unique passwords in the docker-compose.yaml or environment files, restricting network access by binding port 5432 only to localhost or removing external port mappings, and updating Dify to versions that address this issue or provide secure default configurations. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access to sensitive data due to default PostgreSQL credentials, which can lead to data disclosure and privilege escalation. This unauthorized access and potential data breach can result in non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding sensitive information and preventing unauthorized access. Therefore, the vulnerability negatively impacts compliance with these common standards and regulations. [2]