CNNVD-202509-3989 Information

CNNVD ID

CNNVD-202509-3989

CVE-2025-59422

  • CNNVD Published: 2025-09-25

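Description (translated from Chinese)

dify is an open-source LLM application development platform from LangGenius. dify version 1.8.1 contains a security vulnerability that stems from improper access control on the /console/api/apps/<APP_ID>chat-messages endpoint, which may allow users in the same workspace to read other users' chat messages.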

Description (English)

Dify is an open-source LLM application development platform from LangGenius. Version 1.8.1 contains a security vulnerability that stems from inadequate access controls on the chat-messages endpoint, which may allow users in the same workspace to read chat messages from other users.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

LangGenius

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/langgenius/dify/commit/b2d8a7eaf1693841411934e2056042845ab4f354

https://github.com/langgenius/dify/security/advisories/GHSA-jg5j-c9pq-w894

Patch

https://github.com/langgenius/dify/releases
