PT-2025-17317 · Dify · Dify
Zn9988 · Published 2025-04-18 · Updated 2025-04-19 · CVE-2025-32795
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Dify versions prior to 0.6.12
Description
A security issue was identified in Dify, an open-source LLM app development platform, where normal users are improperly granted permissions to edit app names, descriptions, and icons. This access control flaw allows non-admin users to modify app details, posing a security risk to the integrity of the application.
Recommendations
For versions prior to 0.6.12, update to version 0.6.12 to resolve the issue.
As a temporary workaround, consider updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can modify app details.
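As an added illustration of the admin-only control recommended above (example code written for this page, not Dify's own implementation), the guard below refuses name, description and icon edits from anyone who is not at least an admin of the workspace that owns the app. The role names, data model and editable field list are assumptions made for the example.

```python
from dataclasses import dataclass, field
from functools import wraps

# Assumed workspace role ranks, most privileged first (constructed, not Dify's).
ROLE_RANK = {"owner": 3, "admin": 2, "editor": 1, "normal": 0}
EDITABLE_DETAILS = {"name", "description", "icon"}  # the fields the advisory names

@dataclass
class User:
    tenant_id: str  # workspace the user belongs to
    role: str

@dataclass
class App:
    tenant_id: str  # workspace that owns the app
    details: dict = field(default_factory=dict)

class PermissionDenied(Exception):
    """Raised when the guard rejects the caller."""

def require_role(minimum: str):
    """Decorator: caller must be in the app's workspace and hold at least
    `minimum` role there; an admin of another workspace is still refused."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user: User, app: App, *args, **kwargs):
            if user.tenant_id != app.tenant_id:
                raise PermissionDenied("app belongs to another workspace")
            if ROLE_RANK.get(user.role, -1) < ROLE_RANK[minimum]:
                raise PermissionDenied(f"role {user.role!r} may not edit app details")
            return fn(user, app, *args, **kwargs)
        return wrapper
    return decorator

@require_role("admin")
def update_app_details(user: User, app: App, changes: dict) -> dict:
    """Apply name/description/icon changes once the guard has passed."""
    unknown = set(changes) - EDITABLE_DETAILS
    if unknown:
        raise ValueError(f"not editable here: {sorted(unknown)}")
    app.details.update(changes)
    return dict(app.details)

def try_update(user: User, app: App, changes: dict) -> bool:  # False instead of raising
    try:
        update_app_details(user, app, changes)
        return True
    except PermissionDenied:
        return False
```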
Weakness Enumeration
Improper Access Control
Related Identifiers
Affected Products
Dify