Cyber Resilience

CVE-2025-3466

HighPublic PoC

Published: 07 July 2025

Published
07 July 2025
Modified
10 July 2025
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0082 74.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-3466 is a high-severity Insufficient Isolation of System-Dependent Functions (CWE-1100) vulnerability in Langgenius Dify. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

EU & UK References

Vulnerability details

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox…

more

security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, dify

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Vulnerability in code node allows unsanitized JS input to override globals, bypass sandbox, and execute arbitrary code as root, enabling public-facing app exploitation, JS interpreter execution, privilege escalation, and access to secret keys in files.

Affected Assets

langgenius
dify
1.1.0 — 1.1.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References