PT-2025-17928 · Dify · Dify

H0J3N · Published 2025-04-25 · Updated 2025-08-01 · CVE-2025-43862

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Dify versions prior to 0.6.12

Description: The issue is an access control flaw in Dify, an open-source LLM app development platform. The flaw allows non-admin users to gain unauthorized access to APPs and make changes to them, even though the web UI for APP orchestration is not presented to normal users; hiding the UI does not by itself prevent the underlying operations.

Recommendations: For versions prior to 0.6.12, update to version 0.6.12 to resolve the issue. As a temporary workaround, consider tightening the access control mechanisms to enforce stricter user role permissions and implementing role-based access control (RBAC) so that only users with admin privileges can access Orchestration of the APPs.
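The recommendation above hinges on one point: an authorization decision must be made server-side on every orchestration request, not inferred from which UI elements a user was shown. The following Python example is added here to illustrate that point and is not Dify's code; the role names, the `update_app_config` action, the in-memory `AppStore` and the audit-log format are all constructed assumptions. It places an unchecked handler (the flaw class described above) beside a handler that enforces an RBAC check and records denied attempts for detection.

```python
"""Server-side RBAC for an app-orchestration action (illustrative, not Dify's code).

Assumptions (constructed for this example): roles are "admin", "editor" and
"normal"; the only guarded actions are view_app_config and update_app_config;
apps live in an in-memory dict keyed by app id.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    name: str
    role: str  # constructed role set: "admin", "editor", "normal"


@dataclass
class AppStore:
    apps: dict
    audit_log: list = field(default_factory=list)  # one line per decision


# Constructed policy: which roles may perform which orchestration actions.
# Anything not listed here is denied (deny by default).
ORCHESTRATION_PERMISSIONS = {
    "view_app_config": {"admin", "editor"},
    "update_app_config": {"admin"},
}


class AuthorizationError(PermissionError):
    """Raised when a user is not permitted to perform an orchestration action."""


def authorize(user: User, action: str) -> bool:
    """Return True only if the policy explicitly grants `action` to the user's role."""
    allowed = ORCHESTRATION_PERMISSIONS.get(action)
    if allowed is None:
        return False  # unknown action: deny rather than guess
    return user.role in allowed


def update_app_config_unchecked(store: AppStore, app_id: str, new_config: dict, user: User) -> dict:
    """'Before': relies on the UI having hidden the control; any caller can modify."""
    store.apps[app_id].update(new_config)
    return store.apps[app_id]


def update_app_config(store: AppStore, app_id: str, new_config: dict, user: User) -> dict:
    """'After': the role check runs on every request, independent of what the UI showed."""
    if not authorize(user, "update_app_config"):
        # Record the denial: a normal user hitting an admin-only action is a useful signal.
        store.audit_log.append(
            f"DENY user={user.name} role={user.role} action=update_app_config app={app_id}"
        )
        raise AuthorizationError(f"{user.name} ({user.role}) may not update app {app_id}")
    store.apps[app_id].update(new_config)
    store.audit_log.append(
        f"ALLOW user={user.name} role={user.role} action=update_app_config app={app_id}"
    )
    return store.apps[app_id]


def try_update(store: AppStore, app_id: str, new_config: dict, user: User) -> bool:
    """Return True if the checked handler applied the change, False if it was denied."""
    try:
        update_app_config(store, app_id, new_config, user)
        return True
    except AuthorizationError:
        return False


def demo() -> AppStore:
    """Walk through the flaw class and the enforced variant on constructed data."""
    store = AppStore(apps={"app-1": {"prompt": "original prompt"}})
    normal = User("alice", "normal")
    admin = User("bob", "admin")

    # Unchecked handler: the hidden UI did not stop a direct request.
    update_app_config_unchecked(store, "app-1", {"prompt": "changed without a check"}, normal)

    # Checked handler: the same request is denied and logged; an admin's succeeds.
    try_update(store, "app-1", {"prompt": "attempt by normal user"}, normal)
    try_update(store, "app-1", {"prompt": "set by admin"}, admin)
    return store


if __name__ == "__main__":
    result = demo()
    print(result.apps["app-1"])
    print("\n".join(result.audit_log))
```

The key design choice is that `authorize` is the single place a decision is made and it denies unknown actions, so a new orchestration endpoint cannot silently ship without a policy entry; the audit lines give defenders something to alert on when a non-admin role repeatedly reaches an admin-only action.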

Exploit · Fix · LPE · Improper Access Control · Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-43862
GHSA-6PW4-JQHV-3626

Affected Products

Dify