CVE-2025-0185 in difyinfo

Zusammenfassung

von MITRE • 20.03.2025

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user inputs before executing queries using the Pandas library. This can potentially lead to Remote Code Execution (RCE) if exploited.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

@huntr Ai

Reservieren

03.01.2025

Veröffentlichung

20.03.2025

Moderieren

akzeptiert

Eintrag

VDB-300355

CPE

bereit

CWE

CWE-94 (bestätigt)

CVSS

8.8 (CNA)

EPSS

0.03016

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-0185
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-0185
CVE Details	https://www.cvedetails.com/cve/CVE-2025-0185/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!