CVE-2025-56157 Security Advisory - Default Credentials in Dify

CVE ID: CVE-2025-56157
Date: 12/18/2025
Vendor: LangGenius (Dify)
Product: Dify
Affected Versions: <= v1.5.1
Vulnerability Type: Insecure Permissions / Default Credentials
Severity: High (Remote Code Execution, Privilege Escalation, Information Disclosure)

Summary

Dify versions up to and including 1.5.1 contain a critical security vulnerability where the PostgreSQL database is configured with hardcoded default credentials in the docker/docker-compose.yaml file. If the PostgreSQL port (5432) is exposed to the internet or an untrusted network, an attacker can gain unauthorized access to the database, leading to sensitive data leakage, privilege escalation, and potentially remote code execution.

Vulnerability Details

The vulnerability stems from the inclusion of default credentials for the PostgreSQL database service within the source code's docker-compose.yaml configuration file.

  • Component: docker/docker-compose.yaml, PostgreSQL Database
  • Parameter: PGUSER and POSTGRES_PASSWORD
  • Default Username: postgres
  • Default Password: difyai123456

Attackers scanning for exposed PostgreSQL services (port 5432) can attempt to authenticate using these known default credentials.

Attack Vector & Impact

Attack Type: Remote

  1. Reconnaissance: An attacker identifies a host running Dify with port 5432 exposed to the network.
  2. Access: The attacker connects to the PostgreSQL service using the default credentials found in the public source code.
  3. Exploitation:
    • Information Disclosure: The attacker can read, modify, or delete sensitive data stored in the Dify database.
    • Privilege Escalation & RCE: By leveraging known PostgreSQL features or vulnerabilities (such as CVE-2019-9193), an attacker with superuser access (the postgres role is a superuser by default) can execute arbitrary system commands on the database container/host.

Attack Flow Diagram

    graph TD
        A[Attacker] -->|Scans Port 5432| B(Target Server running Dify)
        B -->|Port Open| C{Auth Check}
        A -->|Uses Default Creds: postgres/difyai123456| C
        C -->|Success| D[PostgreSQL Database Access]
        D -->|SQL Queries| E[Sensitive Data Leak]
        D -->|COPY PROGRAM / Extensions| F[Remote Code Execution]

Proof of Concept (Description)

  1. Deploy Dify using the default docker-compose.yaml from a version <= 1.5.1 without modifying the environment variables.
  2. Ensure port 5432 is accessible (e.g., mapped to the host interface).
  3. From a remote machine, execute:
    psql -h <TARGET_IP> -p 5432 -U postgres
  4. When prompted for a password, enter: difyai123456
  5. Successful login confirms the vulnerability.

Proof of Concept Images

Figure 1: Default configuration showing hardcoded credentials

Figure 2: Exposing port 5432 in docker-compose

Figure 3: Successful connection using default credentials

Figure 4: Accessing sensitive data

Mitigation

Users are advised to take the following steps immediately:

  1. Change Default Credentials: Modify the docker-compose.yaml or .env file to use strong, unique passwords for POSTGRES_PASSWORD and other sensitive variables.
  2. Restrict Network Access: Ensure that the PostgreSQL port (5432) is NOT exposed to the public internet. Modify the ports section in docker-compose.yaml to bind only to localhost (e.g., 127.0.0.1:5432:5432) or remove the port mapping entirely if external access is not required.
  3. Update Dify: Check for newer versions of Dify that may address this configuration issue or provide secure-by-default setups.
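An added audit check, not part of this advisory or of Dify's own tooling: this POSIX shell script flags a compose file that still carries the default PostgreSQL password or publishes port 5432 on a non-loopback address, which are the two conditions steps 1 and 2 above remove. The compose fragments, the DB_PASSWORD variable name and the file layout are constructed for the demo and do not reproduce Dify's actual docker-compose.yaml.

```shell
# Added example, not from the advisory or the Dify project: audit a compose file
# for the two conditions the advisory combines (default PostgreSQL password and
# port 5432 published on a non-loopback address). Sample files are constructed.
set -eu
DEFAULT_PG_PASSWORD='difyai123456'   # default password named in the advisory
# "default-password" if the default appears in FILE (literal or ${VAR:-default}), else "ok".
check_default_password() {
    if grep -q "$DEFAULT_PG_PASSWORD" "$1"; then echo "default-password"; else echo "ok"; fi
}
# "unpublished" if no short-form ports entry maps to container port 5432, "loopback"
# if all such entries bind 127.0.0.1/localhost, else "exposed". Long-form entries not parsed.
check_port_exposure() {
    mappings=$(grep -E "^[[:space:]]*-[[:space:]]*[\"']?[^\"']*:5432[\"']?[[:space:]]*$" "$1" || true)
    if [ -z "$mappings" ]; then echo "unpublished"
    elif printf '%s\n' "$mappings" | grep -Evq "^[[:space:]]*-[[:space:]]*[\"']?(127\.0\.0\.1|localhost):"; then echo "exposed"
    else echo "loopback"
    fi
}
# audit_compose FILE: prints one finding per line; returns 1 if anything was found.
audit_compose() {
    found=0
    [ "$(check_default_password "$1")" = "default-password" ] && { echo "$1: default PostgreSQL password present"; found=1; }
    [ "$(check_port_exposure "$1")" = "exposed" ] && { echo "$1: port 5432 published on a non-loopback address"; found=1; }
    return "$found"
}

# Constructed fragments (not Dify's real file): the weak shape the advisory describes, then
# a hardened one per the mitigation steps (secret from .env via DB_PASSWORD, a demo name; loopback bind).
WEAK_COMPOSE=$(mktemp); HARDENED_COMPOSE=$(mktemp)
cat > "$WEAK_COMPOSE" <<'EOF'
services:
  db:
    environment:
      PGUSER: postgres
      POSTGRES_PASSWORD: difyai123456
    ports:
      - "5432:5432"
EOF
cat > "$HARDENED_COMPOSE" <<'EOF'
services:
  db:
    environment:
      PGUSER: postgres
      POSTGRES_PASSWORD: ${DB_PASSWORD:?set a strong password in .env}
    ports:
      - "127.0.0.1:5432:5432"
EOF

audit_compose "$WEAK_COMPOSE" || echo "weak deployment flagged"
audit_compose "$HARDENED_COMPOSE" && echo "hardened deployment passed"
```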

Credits

Discovered and reported by Zhihuang Liu (herecristliu@gmail.com)
