Access Control Flaw in Dify App Development Platform by Langgenius
CVE-2025-43862


Key Information:

Vendor: Langgenius
Status: Vendor
CVE Published: 25 April 2025

Summary

Dify, an open-source LLM app development platform, contains an access control vulnerability that allows non-admin (normal) users to access and modify APP orchestration, even though the web UI for orchestration is not shown to them. The authorization check is missing on the server side: hiding a page in the front end does not stop a logged-in user from calling the underlying API directly, so normal users can alter applications they should only be able to use. Upgrade to version 0.6.12, which fixes the issue. After upgrading, verify the fix with a normal-user account against the API itself rather than the UI, and make sure the role-based access control (RBAC) check is enforced in the API handlers so that only accounts with the required privileges can manage APP orchestration; any other feature that is merely hidden in the front end should be treated as unprotected until the server enforces the same check. Further details can be found in the related advisories.
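The following is an added illustration of the class of flaw described above; it is not Dify's code and does not reproduce the project's actual endpoints. It models a console API handler that saves an app's orchestration draft, first with the insufficient check (logged in is enough, the edit page is merely hidden in the UI) and then with the server-side role check the fix requires. The function names, the role strings, the request shape and the `ORCHESTRATION_ROLES` set are assumptions for the example.

```python
"""Added example (not Dify's code): a workspace API handler that saves an
app's orchestration draft, shown with the check the advisory describes as
insufficient and with the server-side role check the fix requires.
Function names, the role strings and the request shape are assumptions."""
from dataclasses import dataclass, field


class Unauthorized(Exception):
    """Caller is not logged in (HTTP 401)."""


class Forbidden(Exception):
    """Caller is logged in but lacks the role for this action (HTTP 403)."""


@dataclass
class User:
    name: str
    role: str            # assumed roles: "owner", "admin", "editor", "normal"
    authenticated: bool = True


@dataclass
class App:
    app_id: str
    workflow_draft: dict = field(default_factory=dict)


# Assumption for the example: only these roles may edit orchestration.
ORCHESTRATION_ROLES = frozenset({"owner", "admin", "editor"})


def save_draft_vulnerable(user: User, app: App, draft: dict) -> dict:
    """Before the fix: the only server-side check is 'is logged in'.
    The edit page is hidden from normal users in the web UI, but anyone
    who sends the request directly gets through."""
    if not user.authenticated:
        raise Unauthorized()
    app.workflow_draft = dict(draft)          # normal users reach this line
    return {"result": "success", "app_id": app.app_id}


def save_draft_fixed(user: User, app: App, draft: dict) -> dict:
    """After the fix: authorization is enforced where the write happens,
    independent of what the front end shows."""
    if not user.authenticated:
        raise Unauthorized()
    if user.role not in ORCHESTRATION_ROLES:
        raise Forbidden(f"role {user.role!r} may not edit app orchestration")
    app.workflow_draft = dict(draft)
    return {"result": "success", "app_id": app.app_id}


def probe(handler, role: str, authenticated: bool = True) -> str:
    """Drive a handler as a user with the given role against a fresh app
    and report what happened, so the two versions can be compared.
    Uses a constructed app and draft; nothing here talks to a real Dify."""
    app = App(app_id="app-1", workflow_draft={"nodes": []})
    draft = {"nodes": [{"id": "llm-1", "type": "llm", "prompt": "ignore rules"}]}
    user = User(name=f"{role}-user", role=role, authenticated=authenticated)
    try:
        handler(user, app, draft)
    except Unauthorized:
        return "unauthorized"
    except Forbidden:
        return "forbidden"
    return "modified" if app.workflow_draft == draft else "unchanged"


if __name__ == "__main__":
    for role in ("normal", "editor", "admin"):
        print(f"{role:7s} vulnerable={probe(save_draft_vulnerable, role):9s} "
              f"fixed={probe(save_draft_fixed, role)}")
```

The point of `probe` is that the check you run after patching must be the same shape: authenticate as a normal user and send the write request directly to the API, then confirm the app is unchanged. A UI walkthrough only shows that the page is hidden, which is exactly the condition that already held before the fix.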

References

Timeline

  • Vulnerability published: 25 April 2025
