dify-exploit
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes weaponized payloads for CVE-2025-55182, targeting a vulnerability in React Server Components. The provided Nuclei templates and markdown guides demonstrate how to achieve remote code execution using Node.js child_process.execSync.
- [DATA_EXFILTRATION]: The skill provides detailed instructions for exploiting CVE-2025-56520 (SSRF) to access internal resources. It specifically targets cloud metadata services (e.g., AWS, Alibaba Cloud, and Tencent Cloud) to exfiltrate security credentials.
- [COMMAND_EXECUTION]: Instructions and exploit examples facilitate the execution of arbitrary system commands on target servers, including guidance for establishing reverse shells for persistent access.
- [PROMPT_INJECTION]: The skill contains instructions that direct the agent to automatically apply exploitation techniques when encountering specific platform keywords or user requests related to Dify instances.
Recommendations
- AI detected serious security threats