9.8
CVE-2025-56157
- EPSS 0.79%
- Veröffentlicht 18.12.2025 00:00:00
- Zuletzt bearbeitet 05.07.2026 02:16:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version 1.0.1 or later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Langgenius ≫ Dify SwPlatformnode.js Version <= 1.5.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.519 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://github.com/langgenius/dify
https://gist.github.com/Cristliu/216ddbadaf3258498c93d408683ecabd
https://gist.github.com/Cristliu/298f51cbc72c45d91632cd0d65aa8161
https://github.com/langgenius/dify/releases/tag/1.0.1
https://github.com/langgenius/dify/issues/15285
https://github.com/langgenius/dify/pull/15286
https://github.com/langgenius/dify/pull/15286.diff