AI’s Exposed Side Door: Dify Flaw (CVE-2025-63387) Leaks System Configs to Anonymous Users

As the race to build the next generation of AI applications accelerates, a significant security gap has been uncovered in Dify, a popular open-source platform used by developers to create Large Language Model (LLM) workflows. A new vulnerability disclosure reveals that the platform inadvertently left a digital side door open, allowing any unauthenticated user on the internet to access sensitive internal configurations.

The vulnerability, tracked as CVE-2025-63387, carries a CVSS score of 7.5, marking it as a “High” severity risk for development teams moving from prototype to production.

The core of the issue lies in how the platform handles permissions for its system API. Specifically, Dify version 1.9.1 fails to enforce authentication checks on a critical endpoint: /console/api/system-features.

In a secure environment, accessing system-level data should require a valid session token or administrative credentials. However, this flaw allows an “unauthenticated attacker to directly send HTTP GET requests” to the endpoint and receive a full response.

“The endpoint fails to implement proper authorization checks, allowing anonymous access to sensitive system configuration data,” the advisory explains.

For attackers, configuration data is often the first step in a larger kill chain. By harvesting system features and settings, a threat actor can map out the target environment, identify enabled features, and look for further weak points to exploit.

The vulnerability is classified as an Information Disclosure risk, potentially exposing the internal workings of the LLM application infrastructure to unauthorized eyes.

Organizations running Dify v1.9.1 are advised to review their access controls immediately, as the “Insecure Permissions” flaw essentially rolls out a welcome mat for remote attackers.

Rate this post

Related Posts:

Found this helpful?

Leave a Reply Cancel reply