
CVE-2025-59422: CWE-284: Improper Access Control in langgenius dify

Severity: Medium
Published: Thu Sep 25 2025 (09/25/2025, 13:19:11 UTC)
Source: CVE Database V5
Vendor/Project: langgenius
Product: dify

Description

Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query data and the filename of the admins' and probably other users' chats, if they know the conversation_id. This impacts the confidentiality of chats. This issue has been patched in version 1.9.0.

AI-Powered Analysis

Last updated: 09/26/2025, 00:14:21 UTC

Technical Analysis

CVE-2025-59422 is a medium-severity vulnerability classified under CWE-284 (Improper Access Control) affecting version 1.8.1 of Dify, an open-source large language model (LLM) application development platform by langgenius. The vulnerability exists in the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 API endpoint. This endpoint is intended to return the chat messages of a specific conversation within a workspace. However, because the endpoint checks only the supplied identifier and not whether the caller is entitled to that conversation, any regular user within the same workspace can read chat messages belonging to other users, including administrators, if they know or can guess the conversation_id parameter. The exposed data includes query content and filenames associated with chats, a breach of the confidentiality of potentially sensitive conversations. The vulnerability requires no user interaction and can be exploited remotely over the network, but the attacker must hold at least a regular user account within the workspace. The vulnerability has been patched in version 1.9.0 of Dify. The CVSS 4.0 vector indicates network attack vector (AV:N), high attack complexity (AC:H), low privileges required (PR:L, i.e. a regular workspace account), no user interaction (UI:N), and high impact on confidentiality (VC:H) with no impact on integrity or availability. No known exploits are reported in the wild as of now.

Potential Impact

For European organizations using Dify version 1.8.1, this vulnerability poses a significant risk to the confidentiality of internal communications and data exchanged via chat within the platform. Since Dify is used for LLM app development, chat messages may contain sensitive intellectual property, development plans, or personal data protected under GDPR. Unauthorized access to such information could lead to data breaches, loss of competitive advantage, and regulatory penalties. The fact that regular users can access admin and other users' chat data increases the risk of insider threats or lateral movement by malicious insiders. The breach of confidentiality could also undermine trust in collaborative environments and impact compliance with European data protection laws. Although the vulnerability does not affect integrity or availability, the exposure of sensitive chat content alone can have serious reputational and legal consequences.

Mitigation Recommendations

European organizations should immediately upgrade Dify installations from version 1.8.1 to version 1.9.0 or later, where the access control issue has been fixed. Until the upgrade is applied, organizations should restrict user access to the affected API endpoints by implementing additional access control checks at the network or application firewall level, limiting API access to trusted users only. Monitoring and logging access to chat message APIs should be enhanced to detect any unauthorized access attempts. Organizations should also review workspace membership and permissions to minimize the number of users with access to sensitive conversations. Conducting an internal audit of chat data exposure and informing affected users may be necessary to comply with GDPR breach notification requirements. Finally, developers using Dify should follow secure coding practices to validate access rights rigorously and consider implementing rate limiting and anomaly detection on API endpoints to prevent exploitation.
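The following is an added illustration of the access-control defect described above and of the caller-side authorization check the mitigation calls for. It is example code written for this page, not Dify's own implementation or its 1.9.0 patch; the data model, role names, policy and function names are assumptions.

```python
# Added illustration (not Dify's own code) of the CWE-284 pattern behind
# CVE-2025-59422: a chat-messages lookup keyed only on conversation_id,
# beside one that also authorizes the caller. All names are hypothetical.
from collections import namedtuple

# Assumed data model; roles are "owner", "admin" or "normal"; messages are
# (query, filename) pairs, the fields the advisory says were exposed.
Account = namedtuple("Account", "id workspace_id role")
Conversation = namedtuple("Conversation", "id app_id workspace_id owner_account_id messages")

class NotFound(Exception): ...
class Forbidden(Exception): ...

def chat_messages_vulnerable(store, caller, app_id, conversation_id, limit=10):
    """Broken access control: only the id is checked, so any workspace
    member who knows a conversation_id can read another user's messages."""
    conv = store.get(conversation_id)
    if conv is None:
        raise NotFound(conversation_id)
    return conv.messages[:limit]

def chat_messages_fixed(store, caller, app_id, conversation_id, limit=10):
    """Authorize against the caller: the conversation must belong to the
    requested app and the caller's workspace, and the caller must own it
    or hold an elevated role (assumed policy, not Dify's actual fix)."""
    conv = store.get(conversation_id)
    # Outside the requested app or the caller's workspace: not found.
    if conv is None or conv.app_id != app_id or conv.workspace_id != caller.workspace_id:
        raise NotFound(conversation_id)
    if conv.owner_account_id != caller.id and caller.role not in ("owner", "admin"):
        raise Forbidden(f"{caller.id} may not read {conversation_id}")
    return conv.messages[:limit]

def outcome(fn, *args):
    """Label a call for checks: 'ok', 'forbidden' or 'not_found'."""
    try:
        fn(*args)
        return "ok"
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not_found"

# Constructed sample: an admin's conversation and a regular user in the
# same workspace who has learned its id.
STORE = {"conv-1": Conversation("conv-1", "app-1", "ws-1", "admin-1",
                                [("quarterly roadmap?", "roadmap.pdf")])}
ADMIN = Account("admin-1", "ws-1", "admin")
USER = Account("user-1", "ws-1", "normal")
```

With the sample data, the vulnerable lookup hands the admin's query and filename to the regular user, while the fixed lookup refuses it and reports conversations outside the caller's app or workspace as not found.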


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-15T19:13:16.904Z
CVSS Version: 4.0
State: PUBLISHED


Added to database: 9/26/2025, 12:10:47 AM

Last enriched: 9/26/2025, 12:14:21 AM

Last updated: 9/26/2025, 12:14:21 AM
