CVE-2025-63387
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2025-12-19

Assigner: MITRE

Description
Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous access to sensitive system configuration data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-19
Generated
2026-05-07
AI Q&A
2025-12-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-63387
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
langgenius dify 1.9.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by sending an unauthenticated HTTP GET request to the /console/api/system-features endpoint on your Dify v1.9.1 system. For example, using curl: curl -X GET http://<target-ip-or-domain>/console/api/system-features If the response returns sensitive system configuration data without requiring authentication, the system is vulnerable. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the /console/api/system-features endpoint by implementing proper authentication and authorization checks. Ensure that the endpoint requires valid credentials or session tokens before granting access. Additionally, consider applying any available patches or updates from the vendor that address this insecure permissions issue. [1]


Can you explain this vulnerability to me?

This vulnerability in Dify version 1.9.1 allows an unauthenticated attacker to send HTTP GET requests directly to the /console/api/system-features endpoint without any authentication or session tokens. The endpoint lacks proper authorization checks, enabling anonymous access to sensitive system configuration data. This happens because the authentication middleware is not properly implemented on this API endpoint, leading to insecure permissions and an authentication bypass. [1]


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized disclosure of sensitive system configuration data. An attacker can access critical information about the system's features and settings without authentication, which may be used to further exploit the system or compromise its security. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart