Dify
CVE-2025-56157
Severity: CRITICAL
CVSS 3.1 vector (primary rating, vendor: mitre): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity rationale: Static credentials give full DB compromise (C/I/A:H) with no auth, but AC:H because default configs (1.0.1+) do not expose port 5432, requiring non-default network exposure.
Description (CVE.org)
Default credentials in Dify through 1.5.1: the PostgreSQL username and password are specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not expose PostgreSQL (on TCP port 5432) by default in version 1.0.1 or later.
Analysis (AI)
Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 allow anyone who can reach the database port to authenticate with full read/write access to the backend datastore. Publicly available exploit code exists, though EPSS remains low (0.81%) and the vendor states the database port is not network-exposed by default in 1.0.1 and later, limiting realistic reach. There is no public exploit identified as actively used in the wild (not in CISA KEV).
Technical Context (AI)
Dify is an open-source LLM application development platform (langgenius/dify, Node.js/Python stack) that ships a docker-compose deployment bundling a PostgreSQL 15 container. The root cause is CWE-798 (Use of Hard-Coded Credentials): the docker-compose.yaml embeds a static, well-known PostgreSQL username and password in its source repository, so every default deployment that leaves these values unchanged shares identical database credentials. PostgreSQL listens on TCP 5432; the vulnerability is only remotely reachable if that port is published to an accessible network, which the supplier reports is no longer the default mapping in releases 1.0.1 and later.
Remediation (AI)
Upgrade to Dify 1.0.1 or later (https://github.com/langgenius/dify/releases/tag/1.0.1), where the Docker configuration no longer exposes PostgreSQL by default; the corresponding change is in PR https://github.com/langgenius/dify/pull/15286. Because the default credentials still ship in docker-compose.yaml, also rotate the PostgreSQL username and password to unique, strong values in your .env/compose configuration rather than relying on the shipped defaults. As compensating controls, ensure port 5432 is not published to any untrusted network (remove the ports mapping so the database is reachable only on the internal Docker network; the side effect is losing direct external access for DB tooling), and add host firewall rules that block inbound 5432 from outside the Docker host. These controls close the network path even where the default credentials remain unchanged.
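As an added illustration (not Dify's own docker-compose.yaml), the weak shape this advisory describes beside the hardened shape the remediation calls for: two alternative compose files separated by a YAML document marker. Service names, the Dify-side DB_* variable names and the placeholder credential values are assumptions; the POSTGRES_* names are the standard ones the official postgres image reads.

```yaml
# ---- Weak shape: literal credentials in the file, DB published on the host ----
services:
  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_USER: app            # literal value, identical on every deployment
      POSTGRES_PASSWORD: changeme   # CONSTRUCTED placeholder, not the real shipped value
      POSTGRES_DB: dify
    ports:
      - "5432:5432"                 # publishes 5432 on every host interface
---
# ---- Hardened shape: no host port mapping, credentials required from .env ----
services:
  db:
    image: postgres:15-alpine
    environment:
      # ":?" makes `docker compose up` abort if the variable is unset in .env,
      # so the stack can never silently start on a shipped literal.
      POSTGRES_USER: ${POSTGRES_USER:?set POSTGRES_USER in .env}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
      POSTGRES_DB: ${POSTGRES_DB:-dify}
    # No `ports:` block: Postgres is reachable only on the compose-internal
    # network, as db:5432 from the other containers, never from the host NIC.
  api:
    image: langgenius/dify-api      # assumption: illustrative image name
    environment:
      DB_HOST: db                   # assumption: Dify-side variable names
      DB_PORT: "5432"
      DB_USERNAME: ${POSTGRES_USER:?}
      DB_PASSWORD: ${POSTGRES_PASSWORD:?}
      DB_DATABASE: ${POSTGRES_DB:-dify}
    depends_on:
      - db
```

Host firewall rules blocking inbound 5432 remain a separate control for hosts where the port mapping was already published before the upgrade.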
Weakness: CWE-798 – Use of Hard-coded Credentials
Technique: Authentication Bypass