
CVE-2025-1796: Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify

CVSS 7.5

Description

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker with access to workflow tools can extract the PRNG output and predict future password reset codes, leading to a complete compromise of the application.
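The following is an added example and not code from Dify or from the advisory. It places the weak pattern the description names (a password reset code drawn from Python's `random` module) beside a hardened form that draws from the `secrets` module, and wraps the latter in a hypothetical `ResetCodeStore` (a name and design constructed here, not Dify's) that adds expiry, single use and a constant-time comparison. `weak_codes_are_reproducible` shows the property that makes `random` unfit for this job: two generators in the same state emit the same codes, so the codes are a function of recoverable state rather than of fresh entropy.

```python
import hmac
import random
import secrets
import time
from typing import Callable, Dict, Tuple


def weak_reset_code(rng: random.Random) -> str:
    """The weak pattern from the advisory: a 6-digit code from `random`.

    `random` is a Mersenne Twister with a deterministic internal state;
    every output is a pure function of that state, so the codes carry no
    secrecy of their own and must not be used as security tokens.
    """
    return f"{rng.randint(0, 999999):06d}"


def hardened_reset_code() -> str:
    """6-digit code drawn from the OS CSPRNG through the `secrets` module."""
    return f"{secrets.randbelow(1_000_000):06d}"


def weak_codes_are_reproducible(seed: int, n: int = 5) -> bool:
    """Two `random` instances in the same state emit identical code sequences.

    This is exactly the property a reset flow must not have: whoever knows
    the generator state knows every future code.
    """
    a, b = random.Random(seed), random.Random(seed)
    return [weak_reset_code(a) for _ in range(n)] == [weak_reset_code(b) for _ in range(n)]


class ResetCodeStore:
    """Hypothetical reset-code store, constructed for this example.

    Codes come from `secrets`, expire after `ttl_seconds`, are single-use,
    and are compared in constant time so verification leaks no timing.
    """

    def __init__(self, ttl_seconds: int = 600, now: Callable[[], float] = time.time):
        self.ttl = ttl_seconds
        self.now = now  # injectable clock so expiry can be tested offline
        self._codes: Dict[str, Tuple[str, float]] = {}

    def issue(self, email: str) -> str:
        code = hardened_reset_code()
        self._codes[email] = (code, self.now() + self.ttl)
        return code

    def verify(self, email: str, candidate: str) -> bool:
        entry = self._codes.get(email)
        if entry is None:
            return False
        code, expires_at = entry
        if self.now() > expires_at:
            del self._codes[email]  # expired codes are discarded, not honoured
            return False
        if not hmac.compare_digest(code.encode(), candidate.encode()):
            return False
        del self._codes[email]  # single use: a verified code cannot be replayed
        return True
```

A six-digit code has only a million possible values, so the store above still depends on the surrounding application rate-limiting and locking out failed attempts per account; the generator fix removes predictability, not the small keyspace.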

Classification

CVE ID: CVE-2025-1796

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Affected Products

Vendor: langgenius

Product: langgenius/dify

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (estimated probability of exploitation activity)

EPSS Percentile: 12.77% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1796
https://huntr.com/bounties/a60f3039-5394-4e22-8de7-a7da9c6a6e00
