CVE-2025-56157
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2025-56157, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-18

Last updated on: 2026-07-05

Assigner: MITRE

Description

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-18
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2025-12-18
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
langgenius dify 1.5.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-56157 is a high-severity vulnerability in Dify versions up to 1.5.1 caused by hardcoded default PostgreSQL credentials in the docker-compose.yaml file. The PostgreSQL service uses the default username 'postgres' and password 'difyai123456'. If the PostgreSQL port 5432 is exposed to the internet or untrusted networks, attackers can remotely connect to the database using these credentials, gaining unauthorized access. [2]

Impact Analysis

This vulnerability can allow attackers to remotely connect to the PostgreSQL database using default credentials, leading to unauthorized access. Consequences include sensitive data disclosure, privilege escalation, and potentially remote code execution on the database container or host. Attackers can read, modify, or delete data and execute arbitrary system commands by exploiting PostgreSQL features or known vulnerabilities. [2]

Detection Guidance

You can detect this vulnerability by scanning your network for exposed PostgreSQL services on port 5432. Then, attempt to connect to the PostgreSQL database using the default credentials: username "postgres" and password "difyai123456". For example, use the command: psql -h <host> -p 5432 -U postgres -W and enter the password "difyai123456". If you can connect successfully, your system is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include changing the default PostgreSQL credentials to strong, unique passwords in the docker-compose.yaml or environment files, restricting network access by binding port 5432 only to localhost or removing external port mappings, and updating Dify to versions that address this issue or provide secure default configurations. [2]

Compliance Impact

The vulnerability allows unauthorized access to sensitive data due to default PostgreSQL credentials, which can lead to data disclosure and privilege escalation. This unauthorized access and potential data breach can result in non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding sensitive information and preventing unauthorized access. Therefore, the vulnerability negatively impacts compliance with these common standards and regulations. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56157. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart