PT-2025-17294 · Dify · Dify

H0J3N +1 · Published 2025-04-18 · Updated 2025-04-18 · CVE-2025-32790

CVSS v3.1: 6.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Dify versions 0.6.8 and prior

Description

A vulnerability was identified in Dify AI in which normal users are improperly granted permission to export the APP DSL. The feature in "/export" should only allow administrator users to export the DSL.

Recommendations

For versions 0.6.8 and prior, update the access control mechanisms to enforce stricter user role permissions and implement role-based access control (RBAC) to ensure that only users with admin privileges can export the APP DSL. Update to version 0.6.13 to fix the vulnerability.
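
As an added example (not Dify's code and not part of the original advisory), the Python below contrasts an export handler that checks only authentication with one that enforces the role server-side, and maps each call to the status a client would see so the check can be kept as a regression test. The role names, `User`, `require_role`, `export_before`, `export_after`, `status_of` and the sample app data are all hypothetical.

```python
from dataclasses import dataclass
from functools import wraps

# Assumption: role names are illustrative, not taken from Dify's code base.
EXPORT_ROLES = frozenset({"admin"})

class Unauthorized(Exception):
    status = 401

class Forbidden(Exception):
    status = 403

@dataclass(frozen=True)
class User:
    name: str
    role: str

# Constructed sample data standing in for a stored app definition.
APPS = {"app-1": "app:\n  name: demo\n  mode: chat\n"}

def require_role(allowed):
    """Reject the call unless the authenticated user's role is in `allowed`."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(user, app_id):
            if user is None:
                raise Unauthorized("login required")
            if user.role not in allowed:
                raise Forbidden(f"role {user.role!r} may not export DSL")
            return handler(user, app_id)
        return wrapper
    return decorator

def export_before(user, app_id):
    """Flawed pattern: authentication only, so any logged-in user can export."""
    if user is None:
        raise Unauthorized("login required")
    return APPS[app_id]

@require_role(EXPORT_ROLES)
def export_after(user, app_id):
    """Hardened pattern: the role is checked server-side before export."""
    return APPS[app_id]

def status_of(handler, user, app_id="app-1"):
    """Map a handler call to the HTTP status a client would see."""
    try:
        handler(user, app_id)
        return 200
    except (Unauthorized, Forbidden) as exc:
        return exc.status
```

Running `status_of` for every role against every export route after an upgrade confirms that the fix is in place and stays in place.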

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-32790
GHSA-JP6M-V4GW-5VGP

Affected Products

Dify