CNNVD-202510-3064 Information
Oct 22, 2025
cve
CNNVD ID
CNNVD-202510-3064
Related CVE
- CNNVD Published: 2025-10-22
Description (Chinese)
dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 1.6.0版本存在安全漏洞,该漏洞源于身份验证机制对不存在的账户和现有账户返回不同的错误消息,可能导致账户枚举攻击。
Description (English)
Diffy is an open source LLM application development platform for LangGenius open source. There is a security loophole in version 1.6.0, which arises out of different erroneous information returned by the identification mechanism to non-existent and existing accounts, which could lead to an attack on the account.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LangGenius
Published
2025-10-22
Last Modified
2026-02-24
References
https://huntr.com/bounties/e7359f9f-c004-4304-9de9-753622d370a1 https://access.redhat.com/security/cve/cve-2025-11750
Patch
https://github.com/langgenius/dify/releases
Share on: