Platform
python
Component
langgenius/dify
CVE-2025-0185 describes a Pandas Query Injection vulnerability found in the Vanna module of Dify Tools, part of the langgenius/dify repository. This flaw allows attackers to potentially execute arbitrary code on the system due to insufficient input sanitization. The vulnerability impacts versions up to the latest release. A fix is expected to be released by the Dify Tools development team.
The Pandas Query Injection vulnerability in Dify Tools Vanna presents a significant security risk. An attacker can craft malicious input that, when processed by the vn.gettrainingplan_generic function, results in the execution of arbitrary code through the Pandas library. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The blast radius extends to any data processed by the Vanna module, potentially impacting sensitive training data or configurations. Successful exploitation could resemble attacks leveraging similar query injection vulnerabilities in other data processing tools, allowing for unauthorized access and control.
CVE-2025-0185 was publicly disclosed on 2025-03-20. The vulnerability is present in the langgenius/dify repository on GitHub. No public proof-of-concept (PoC) code has been released as of this writing, but the potential for RCE makes it a high-priority vulnerability. Its inclusion on KEV is pending. Monitor CISA advisories and the Dify Tools security page for updates.
Organizations utilizing Dify Tools Vanna for data processing and training, particularly those deploying it in production environments or handling sensitive data, are at risk. Specifically, those relying on the default configuration without implementing additional input validation measures are most vulnerable.
• python / server:
import pandas as pd
# Check for suspicious query patterns in user input before passing to Pandas
user_input = input("Enter your query:")
if "--" in user_input or "@" in user_input:
print("Invalid query detected.")
else:
df = pd.DataFrame({'col1': [1, 2], 'col2': [3, 4]})
query = user_input
result = df.query(query)
print(result)• generic web: Monitor access logs for requests containing unusual query parameters or patterns that could indicate an attempted injection attack.
disclosure
Exploit Status
EPSS
0.88% (75% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-0185 is to upgrade to a patched version of Dify Tools Vanna as soon as it becomes available. Until a patch is released, consider implementing input validation and sanitization measures within the vn.gettrainingplan_generic function to prevent malicious queries from being executed. Restrict access to the Vanna module to trusted users and systems. Monitor system logs for unusual activity related to Pandas queries. While a WAF may not directly address this vulnerability, it can help detect and block suspicious query patterns. The Dify Tools team is expected to release a patch shortly.
Actualice la biblioteca langgenius/dify a la última versión disponible. Esto debería incluir la corrección para la vulnerabilidad de inyección de Pandas Query. Verifique las notas de la versión para confirmar que la vulnerabilidad CVE-2025-0185 ha sido abordada.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-0185 is a HIGH severity vulnerability in the Vanna module of Dify Tools, allowing attackers to potentially execute code through unsanitized user input in Pandas queries.
If you are using Dify Tools Vanna versions up to the latest release, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of Dify Tools Vanna. Until a patch is released, implement input validation and sanitization measures.
While no public exploits are currently known, the potential for RCE makes it a high-priority vulnerability. Monitor for any signs of exploitation.
Check the Dify Tools security page and GitHub repository for updates and advisories related to CVE-2025-0185.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Upload je requirements.txt-bestand en we vertellen je direct of je getroffen bent.