CVE-2025-56157.yaml
info:
  name: dify
  cve: CVE-2025-56157
  summary: Dify contains default credentials in its docker-compose.yaml file, allowing unauthorized access.
  details: |
    The vulnerability in Dify (through version 1.5.1) is due to the inclusion of default PostgreSQL username and password within the `docker-compose.yaml` file in its source code. This allows attackers to gain unauthorized access to the database.
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  severity: CRITICAL
  security_advise: |
    1. Upgrade Dify to a version beyond 1.5.1, where this vulnerability is patched.
    2. Immediately change the default PostgreSQL credentials specified in the `docker-compose.yaml` file to strong, unique passwords.
    3. Ensure that your `docker-compose.yaml` file and other configuration files are not publicly accessible.
rule: version <= "1.5.1"
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-56157
  - https://github.com/langgenius/dify/issues/15285
  - https://github.com/langgenius/dify/pull/15286
  - https://github.com/langgenius/dify/pull/15286.diff
  - https://gist.github.com/Cristliu/216ddbadaf3258498c93d408683ecabd
  - https://gist.github.com/Cristliu/298f51cbc72c45d91632cd0d65aa8161
  - https://github.com/langgenius/dify
  - https://github.com/langgenius/dify/releases/tag/1.0.1
  - http://dify.com