CVE-2025-3466

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/langgenius/dify/commit/1be0d26c1feb4bcbbdd2b4ae4eeb25874aadaddb	Patch
https://huntr.com/bounties/f8dc17a3-5536-4944-a680-24070903cd2d	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:langgenius:dify:*:*:*:*:*:node.js:*:*

History

10 Jul 2025, 15:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 10:15

Updated : 2025-07-10 15:01

NVD link : CVE-2025-3466

Mitre link : CVE-2025-3466

CVE.ORG link : CVE-2025-3466

JSON object : View

Products Affected

langgenius

dify

CWE

CWE-1100

Insufficient Isolation of System-Dependent Functions

{"id": "CVE-2025-3466", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-07-07T10:15:27.640", "references": [{"url": "https://github.com/langgenius/dify/commit/1be0d26c1feb4bcbbdd2b4ae4eeb25874aadaddb", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/f8dc17a3-5536-4944-a680-24070903cd2d", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-1100"}]}], "descriptions": [{"lang": "en", "value": "langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3."}, {"lang": "es", "value": "Las versiones 1.1.0 a 1.1.2 de langgenius/dify son vulnerables a la entrada no saneada en el nodo de c\u00f3digo, lo que permite la ejecuci\u00f3n de c\u00f3digo arbitrario con permisos de root completos. La vulnerabilidad surge de la capacidad de anular funciones globales en JavaScript, como parseInt, antes de que se impongan las restricciones de seguridad del entorno de pruebas. Esto puede provocar acceso no autorizado a claves secretas, servidores de red internos y movimiento lateral dentro de dify.ai. El problema se ha resuelto en la versi\u00f3n 1.1.3."}], "lastModified": "2025-07-10T15:01:31.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:langgenius:dify:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "C0CE6D8A-1407-4D80-A035-FC2FD9B610CB", "versionEndExcluding": "1.1.3", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}