Ddos 
Dify, the popular open-source platform used by developers to build Large Language Model (LLM) applications and RAG pipelines, has patched a high-severity vulnerability that could leave administrators footing the bill for unauthorized AI usage. The flaw, tracked as CVE-2025-67732, forces the application to reveal sensitive API keys in plaintext to frontend users, effectively bypassing administrative controls.
With a CVSS score of 8.4, the vulnerability highlights a critical failure in data masking, turning the platform’s intuitive interface into a potential credential vending machine for malicious insiders.
Dify is designed to streamline the move from “prototype to production” by managing agents, workflows, and model configurations. However, it appears the platform was a little too transparent with its configuration data.
The issue resides in the backend API endpoint /console/api/workspaces/current/model-providers. This endpoint is responsible for returning configuration details to the user interface. Unfortunately, instead of redacting sensitive credentials, it returns the full configuration object—including the private API keys for third-party providers like OpenAI.
A typical response from the vulnerable endpoint includes the custom_configuration block where the api_key sits unprotected in a standard JSON field: “api_key”: “<plaintext_api_key>”.
The vulnerability allows “non-administrator users” to view these keys, meaning anyone with access to the Dify console can potentially harvest credentials managed by the administrator.
According to the disclosure, an attacker doesn’t need sophisticated tools—just a web browser. By simply opening the Developer Tools and inspecting network requests while navigating the “Plugins” page, a user can locate the request to the model-providers endpoint. Inside the JSON response, the plaintext key is waiting to be extracted from custom_configuration.custom_models[0].credentials.api_key.
The impact of this exposure is financial and operational. API keys are the currency of the LLM economy, and exposing them allows attackers to:
- Consume Quotas: Use the administrator’s paid tier on third-party services for their own purposes.
- Bypass Authorization: Access models and services they shouldn’t have rights to.
- Incur Costs: Rack up usage fees that effectively cause “service disruptions” or financial loss for the organization hosting Dify.
The vulnerability affects Dify versions 1.10.1-fix.1 and earlier.
The development team has addressed the issue in the latest release. Users are strongly urged to upgrade their instances to version 1.11.0 immediately to ensure that their API keys remain secret.
Related Posts:
- AI’s Exposed Side Door: Dify Flaw (CVE-2025-63387) Leaks System Configs to Anonymous Users
- GitHub admitted to record some Plaintext Passwords in Its Internal Logs
- AI Demand Struggles: Microsoft Slashes Enterprise AI Sales Quotas by Up to 50%
- OpenAI Increases ChatGPT Plus Quotas, Doubling Limits for o3 and o4-mini Models
Donate