PT-2025-40009 · Dify · Dify

Ki9Mu · Published 2025-09-30 · Updated 2026-01-20 · CVE-2025-56520

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Dify version 1.6.0

Description

The software contains a Server-Side Request Forgery (SSRF) issue caused by improper validation within the controllers.console.remote_files.RemoteFileUploadApi component. An attacker could leverage this to make requests on behalf of the server, potentially accessing internal resources or performing unauthorized actions.

Recommendations

Update to a newer version that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF


Weakness Enumeration

Related Identifiers

CVE-2025-56520

Affected Products

Dify