Cyber Posture

CVE-2025-1796

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0040 60.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

Security Summary

CVE-2025-1796, published on 2025-03-20, is a vulnerability in langgenius/dify version 0.10.1 that stems from the use of a weak pseudo-random number generator (PRNG) for generating password reset codes. Specifically, the application employs Python's `random.randint` function, which is not cryptographically secure and is classified under CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator). This flaw enables attackers to crack the codes, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The attack requires low-privileged access (PR:L), such as to workflow tools within the application, allowing network-based exploitation (AV:N) without user interaction (UI:N). An attacker can extract PRNG output from these tools to predict subsequent password reset codes, facilitating unauthorized takeover of any account, including administrator accounts, and leading to full application compromise with high impacts on confidentiality, integrity, and availability.

Details on advisories, patches, and mitigation are available in the Huntr security bounty report at https://huntr.com/bounties/a60f3039-5394-4e22-8de7-a7da9c6a6e00.

Details

CWE(s)
CWE-338

Affected Products

langgenius
dify
0.10.1

AI Security Analysis

AI Category
Enterprise AI Assistants
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
Dify (langgenius/dify) is an open-source platform for building, deploying, and managing LLM-based AI applications and agents, aligning with Enterprise AI Assistants. The vulnerability is in the platform's authentication system, confirmed AI-related via AI/ML bug bounty context.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
attack.mitre.org →
Why these techniques?

The weak PRNG in password reset codes can be exploited by attackers with workflow tool access to predict codes, enabling account takeover (including admin accounts) for privilege escalation (T1068) and credential access (T1212).

References