
Dify CVE-2025-56157

CRITICAL 9.8 (CVSS 3.1, vendor: mitre)
Use of Hard-coded Credentials (CWE-798)
Published 2025-12-18 by cve@mitre.org

Severity by source

Vendor (mitre), primary rating: 9.8 CRITICAL
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vuln.today AI rating: 8.1 HIGH
Static credentials give full DB compromise (C/I/A:H) with no auth, but AC:H because default configs (1.0.1+) do not expose port 5432, requiring non-default network exposure.
CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0 vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS Vector (Vendor: mitre)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Jul 05, 2026 - 03:29 (vuln.today)
CVE Published: Dec 18, 2025 - 19:16 (cve.org), rated CRITICAL 9.8

Description (CVE.org)

Default credentials in Dify through 1.5.1. The PostgreSQL username and password are specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not expose PostgreSQL (on TCP port 5432) by default in version 1.0.1 or later.

Analysis (AI)

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 allow anyone who can reach the database port to authenticate with full read/write access to the backend datastore. Public exploit code exists, but EPSS remains low (0.81%) and the vendor states that the database port is not network-exposed by default in 1.0.1 and later, which limits realistic reach. No exploitation in the wild has been identified (not in CISA KEV).

Technical Context (AI)

Dify is an open-source LLM application development platform (langgenius/dify, Node.js/Python stack) that ships a docker-compose deployment bundling a PostgreSQL 15 container. The root cause is CWE-798 (Use of Hard-Coded Credentials): docker-compose.yaml embeds a static, well-known PostgreSQL username and password in the source repository, so every default deployment that leaves these values unchanged shares identical database credentials. PostgreSQL listens on TCP 5432; the vulnerability is remotely reachable only if that port is published to an accessible network, and the supplier reports that this mapping is no longer the default in releases 1.0.1 and later.

Remediation (AI)

Upgrade to Dify 1.0.1 or later (https://github.com/langgenius/dify/releases/tag/1.0.1), where the Docker configuration no longer exposes PostgreSQL by default; the corresponding change is in PR https://github.com/langgenius/dify/pull/15286. Because the default credentials still ship in docker-compose.yaml, also rotate the PostgreSQL username and password to unique, strong values in your .env/compose configuration rather than relying on the shipped defaults. As compensating controls, ensure port 5432 is not published to any untrusted network (remove the ports mapping so the DB is reachable only on the internal Docker network; side effect: you lose direct external DB tooling access) and add host firewall rules that block inbound 5432 from outside the Docker host. These controls close the network path even where the default credentials remain unchanged.
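The two compose fragments below are an added illustration of the remediation above, not Dify's shipped docker-compose.yaml or the PR's diff: the first shows the weak pattern (a credential committed to the repository plus a published port), the second the hardened form that pulls credentials from .env and keeps 5432 off the host. Service names, environment variable names, the image name of the api service and the placeholder password are assumptions.

```yaml
# Added illustration, not Dify's shipped docker-compose.yaml. Service names,
# variable names and the placeholder password are assumptions; the image tag
# follows the PostgreSQL 15 container this page mentions.

# Document 1: the weak pattern (CWE-798 plus a published port).
services:
  db:
    image: postgres:15
    environment:
      POSTGRES_USER: postgres
      # Placeholder standing in for a default committed to source control.
      # Every deployment that keeps this value shares the same credential.
      POSTGRES_PASSWORD: CHANGE_ME_DEFAULT
    ports:
      # Binds 5432 on every host interface, so any network peer can try to log in.
      - "5432:5432"

---
# Document 2: hardened. Credentials must come from .env (compose refuses to
# start if the variable is unset), and the DB is reachable only on the
# compose-internal network.
services:
  db:
    image: postgres:15
    environment:
      POSTGRES_USER: ${DB_USERNAME:?set DB_USERNAME in .env}
      POSTGRES_PASSWORD: ${DB_PASSWORD:?set DB_PASSWORD in .env}
    # No 'ports:' entry: the database is not published on the host at all.
    # If local DB tooling is still required, bind to loopback only and reach
    # it over an SSH tunnel instead of exposing it to the network:
    # ports:
    #   - "127.0.0.1:5432:5432"
    expose:
      - "5432"
    networks:
      - backend
  api:
    image: example/dify-api:placeholder   # placeholder image name (assumption)
    environment:
      DB_HOST: db
      DB_PORT: "5432"
      DB_USERNAME: ${DB_USERNAME:?set DB_USERNAME in .env}
      DB_PASSWORD: ${DB_PASSWORD:?set DB_PASSWORD in .env}
    networks:
      - backend

networks:
  backend:
    driver: bridge
```

After applying the hardened file, `docker compose config` shows the resolved values (with no 5432 host mapping under db) and `docker compose ps` should list no published port for the db service.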

