CVE-2025-0184

MEDIUM LAB

langgenius/dify < 0.11.0 - Server-Side Request Forgery via DOCX External Relationship

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-0184. PoCs published by m0d0ri205.

AI-analyzed exploit summary This repository contains a working PoC for CVE-2025-0184, an SSRF vulnerability in DOCX file processing. The exploit generates malicious DOCX files with embedded SSRF payloads targeting an internal admin service.

Description

A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests' module instead of the 'ssrf_proxy', leading to an SSRF vulnerability. This issue was fixed in version 0.11.0.

Exploits (1)

nomisec WORKING POC 1 stars
by m0d0ri205 · poc
https://github.com/m0d0ri205/wargame_Re-LS

This repository contains a working PoC for CVE-2025-0184, an SSRF vulnerability in DOCX file processing. The exploit generates malicious DOCX files with embedded SSRF payloads targeting an internal admin service.

Classification
Working Poc 95%
Attack Type
Ssrf
Complexity
Moderate
Reliability
Reliable
Target: langgenius/dify (DOCX processing component)
No auth needed
Prerequisites: Ability to upload DOCX files to the target system · Network access to the vulnerable service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0044
EPSS Percentile 34.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull portainer/portainer-ce:latest

Details

CWE
CWE-918
Status published
Products (1)
langgenius/dify < 0.11.0
Published Mar 20, 2025
Tracked Since Feb 18, 2026