CVE-2025-1796

HIGH

langgenius/dify <0.10.1 - Privilege Escalation

Title source: llm

Description

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker with access to workflow tools can extract the PRNG output and predict future password reset codes, leading to a complete compromise of the application.

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/a60f3039-5394-4e22-8de7-a7da9c6a6e00

Scores

CVSS v3 8.8

EPSS 0.0040

EPSS Percentile 60.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-338

Status published

Products (1)

langgenius/dify 0.10.1

Published Mar 20, 2025

Tracked Since Feb 18, 2026