{"id":"PYSEC-2025-103","details":"Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous access to sensitive system configuration data. NOTE: The maintainer states that the endpoint is unauthenticated by design and serves as a bootstrap mechanism required for the dashboard initialization. They also state that the description inaccurately classifies the returned data as sensitive system configuration, stating that the data is non-sensitive and required for client-side rendering. No PII, credentials, or secrets are exposed.","aliases":["CVE-2025-63387"],"modified":"2026-05-21T15:00:11.940055124Z","published":"2025-12-18T19:16:33.157Z","references":[{"type":"WEB","url":"https://gist.github.com/Cristliu/dfc5f3a31dc6d7fff2754867e5c649a5"},{"type":"ADVISORY","url":"https://gist.github.com/Cristliu/cddc0cbbf354de51106ab63a11be94af"},{"type":"REPORT","url":"https://github.com/langgenius/dify/discussions"},{"type":"REPORT","url":"https://github.com/langgenius/dify/issues/31368#issuecomment-3783712203"},{"type":"FIX","url":"https://github.com/langgenius/dify/pull/31392"},{"type":"FIX","url":"https://github.com/langgenius/dify/pull/31417"}],"affected":[{"package":{"name":"dify-client","ecosystem":"PyPI","purl":"pkg:pypi/dify-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.9.1"}]}],"versions":["0.1.10","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/dify-client/PYSEC-2025-103.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}