CVE-2025-29720

Name of the Vulnerable Software and Affected Versions: Dify version 1.0

Description: The issue is related to a Server-Side Request Forgery (SSRF) via the component controllers.console.remote files.RemoteFileUploadApi. This allows for potential unauthorized access to internal resources.

Recommendations: For Dify version 1.0, consider disabling the RemoteFileUploadApi component until a patch is available to prevent potential SSRF attacks. Restrict access to the controllers.console.remote files module to minimize the risk of exploitation. Avoid using the RemoteFileUploadApi endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.