PT-2025-12302 · Pandas +1

Published: 2025-03-20 · Updated: 2025-08-18 · CVE-2025-0185

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dify Tools versions prior to the fixed version
Description: A vulnerability in the Vanna module of Dify Tools (langgenius/dify repository) allows Pandas Query Injection in the latest version. The flaw is in the function vn.get_training_plan_generic(df_information_schema), which does not properly sanitize user input before executing queries with the Pandas library. This can potentially lead to Remote Code Execution (RCE) if exploited.
Recommendations: As a temporary workaround, consider disabling the vn.get_training_plan_generic function until a patch is available. Restrict access to the Vanna module to minimize the risk of exploitation. Avoid passing unsanitized input in the df_information_schema variable until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
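The recommendation above says to keep unsanitized input out of df_information_schema. The following added example (written for this entry; it is not code from the Dify or Vanna projects, and the advisory does not show the affected code) assumes the usual shape of a Pandas Query Injection: an untrusted value interpolated into the expression string that DataFrame.query() parses. It contrasts that weak pattern with a hardened filter that checks the column name against the frame's own columns and compares the value through a boolean mask, so the value is matched as data and never parsed. The information-schema rows are constructed sample data; the function names are hypothetical.

```python
import pandas as pd

# Constructed sample of an information-schema frame (not real data). The last
# row carries a value of the kind an untrusted source could supply: it contains
# a quote character and an operator keyword.
INJECTED_VALUE = 'x" or database_name == "hr'

SAMPLE_SCHEMA = pd.DataFrame({
    "database_name": ["sales", "sales", "hr", INJECTED_VALUE],
    "schema_name": ["public", "public", "public", "public"],
    "table_name": ["orders", "customers", "employees", "junk"],
    "column_name": ["id", "id", "id", "id"],
})


def filter_rows_unsafe(df: pd.DataFrame, column: str, value: str) -> pd.DataFrame:
    """Weak pattern (assumed shape of the flaw, shown for contrast only).

    The value is interpolated into the expression string that DataFrame.query()
    parses, so a value containing quotes or operators changes the query instead
    of being matched as data. engine="python" is set only so the behaviour is the
    same across pandas versions; the engine choice does not remove the issue.
    """
    return df.query(f'{column} == "{value}"', engine="python")


def filter_rows_safe(df: pd.DataFrame, column: str, value: str) -> pd.DataFrame:
    """Hardened form.

    The column name is the only thing that could end up in an expression, so it
    is validated against the frame's own columns (an allow-list, not escaping).
    The value is compared with a boolean mask, so it is never parsed or evaluated.
    """
    if column not in df.columns:
        raise ValueError(f"unknown column: {column!r}")
    return df[df[column] == value]


def matched_tables(df: pd.DataFrame) -> list[str]:
    """Inspection helper: table names of the rows a filter returned."""
    return df["table_name"].tolist()


if __name__ == "__main__":
    # The weak filter returns the "hr" row (the value rewrote the query); the
    # hardened filter returns only the row whose value is literally equal.
    print("unsafe:", matched_tables(filter_rows_unsafe(SAMPLE_SCHEMA, "database_name", INJECTED_VALUE)))
    print("safe:  ", matched_tables(filter_rows_safe(SAMPLE_SCHEMA, "database_name", INJECTED_VALUE)))
```

If query() must be kept for readability, pandas' own `@name` syntax (for example `df.query("database_name == @value")`) passes the value in as a variable rather than as expression text and gives the same separation of code from data as the mask; string formatting of values into the expression is what to look for when reviewing code that builds pandas queries from external input.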

Tags: Exploit, RCE, Code Injection

Weakness Enumeration: (none listed)

Related Identifiers: CVE-2025-0185

Affected Products: Dify Tools, Pandas