CVE-2025-29720: Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.
Description
Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.
Classification
CVE ID: CVE-2025-29720
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.01% (probability of being exploited)
EPSS Percentile: 1.07% (scored less or equal to compared to others)
EPSS Date: 2025-04-22 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-29720https://dify.ai
https://github.com/langgenius/dify/issues/15185