How severe is CVE-2025-32790?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-32790?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-32790

MEDIUM Year: 2025

CVSS v3 Score

6.3

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13.

CVE-2015-6933

MEDIUM

CVSS:6.3(Medium)

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allo...

CWE-2842015

CVE-2016-0914

MEDIUM

CVSS:6.3(Medium)

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Doc...

CWE-2842016

CVE-2016-1200

MEDIUM

CVSS:6.3(Medium)

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-11...

CWE-2842016

CVE-2016-1638

MEDIUM

CVSS:6.3(Medium)

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass inten...

CWE-2842016

CVE-2016-2277

MEDIUM

CVSS:6.3(Medium)

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

CWE-2842016

CVE-2016-5601

MEDIUM

CVSS:6.3(Medium)

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors re...

CWE-2842016

CVE-2025-32790

Vulnerability Description

Related Vulnerabilities

CVE-2015-6933

CVE-2016-0914

CVE-2016-1200

CVE-2016-1638

CVE-2016-2277

CVE-2016-5601