How severe is CVE-2025-43862?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2025-43862?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-43862 - HIGH Severity | CVSS 7.6

Vulnerability Description

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.

Related Vulnerabilities

CVE-2016-5536

HIGH

CVSS:7.6(High)

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidential...

CWE-2842016

CVE-2016-5562

HIGH

CVSS:7.6(High)

Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality an...

CWE-2842016

CVE-2016-8281

HIGH

CVSS:7.6(High)

CWE-2842016

CVE-2016-8296

HIGH

CVSS:7.6(High)

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via v...

CWE-2842016

CVE-2016-8529

HIGH

CVSS:7.6(High)

A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in L...

CWE-2842016

CVE-2021-38392

HIGH

CVSS:7.6(High)

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program ...

CWE-2842021