CWE-1100
Insufficient Isolation of System-Dependent Functions
The product or code does not isolate system-dependent functionality into separate standalone modules.
CVE-2025-3466 (GCVE-0-2025-3466)
Vulnerability from cvelistv5
Published
2025-07-07 09:55
Modified
2025-07-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1100 - Insufficient Isolation of System-Dependent Functions
Summary
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | langgenius/dify |
Version: unspecified < 1.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3466",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T14:12:53.905524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T14:21:49.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "langgenius/dify",
"vendor": "langgenius",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1100",
"description": "CWE-1100 Insufficient Isolation of System-Dependent Functions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T09:55:28.608Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/f8dc17a3-5536-4944-a680-24070903cd2d"
},
{
"url": "https://github.com/langgenius/dify/commit/1be0d26c1feb4bcbbdd2b4ae4eeb25874aadaddb"
}
],
"source": {
"advisory": "f8dc17a3-5536-4944-a680-24070903cd2d",
"discovery": "EXTERNAL"
},
"title": "Unsanitized Input in langgenius/dify"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-3466",
"datePublished": "2025-07-07T09:55:28.608Z",
"dateReserved": "2025-04-09T11:35:16.408Z",
"dateUpdated": "2025-07-07T14:21:49.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.