Cross-Site Scripting Vulnerability in Dify LLM Application Development Platform
CVE-2025-58747

2LOW

Key Information:

Vendor: Langgenius
Status: Dify
Vendor: CVE Published:; 17 October 2025

What is CVE-2025-58747?

Dify, a leading LLM application development platform, is susceptible to cross-site scripting due to a flaw in its MCP OAuth component. This vulnerability affects versions up to 1.9.1, allowing attackers to exploit the OAuth flow. When a victim connects to an attacker-controlled MCP server, the maliciously crafted server can pass an unvalidated authorization_url directly to the window.open function. This oversight enables an attacker to execute arbitrary JavaScript within the Dify application context, potentially compromising user data and application integrity. To mitigate risks, it is essential for users to upgrade to the latest version and implement secure coding practices in OAuth flows.

Affected Version(s)

dify <= 1.9.1

References

https://github.com/langgenius/dify/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/langgenius/dify/commit/bfda4ce7e6f39d4...

x_refsource_MISC

CVSS V4

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Sep 4, 2025

JSON

Langgenius

What is CVE-2025-58747?

Affected Version(s)

References

CVSS V4

Timeline