CVE-2025-0185
Published: 20 March 2025
Description
Adversaries may abuse Python commands and scripts for execution.
Security Summary
CVE-2025-0185 is a Pandas Query Injection vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository, affecting the latest version. The flaw occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user inputs before executing queries via the Pandas library. Published on 2025-03-20, this issue is classified under CWE-94 (Code Injection) with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential remote code execution (RCE).
The vulnerability can be exploited by low-privileged remote attackers (PR:L) with network access (AV:N), requiring low attack complexity (AC:L) and no user interaction (UI:N). Exploitation involves injecting malicious queries through unsanitized inputs, enabling attackers to execute arbitrary code on the affected system and achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
Advisories and mitigation guidance are detailed in the Huntr bounty report at https://huntr.com/bounties/7d9eb9b2-7b86-45ed-89bd-276c1350db7e.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- Dify (langgenius/dify) is an open-source enterprise platform for developing LLM applications and AI assistants, with the Vanna module enabling AI-powered text-to-SQL functionality; the vulnerability in its training plan generation is AI-related.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Pandas Query Injection vulnerability in Dify's Vanna module enables remote code execution via unsanitized inputs, exploiting public-facing applications (T1190) and facilitating arbitrary Python command execution (T1059.006).