CVE-2025-63386: n/a
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains to make authenticated requests.
AI Analysis
Technical Summary
CVE-2025-63386 identifies a critical security vulnerability in Dify version 1.9.1, specifically within the /console/api/setup endpoint. The issue stems from an insecure Cross-Origin Resource Sharing (CORS) configuration where the server reflects any Origin header value sent by the client and simultaneously enables the Access-Control-Allow-Credentials header set to true. This combination violates secure CORS practices because it allows arbitrary external domains to make authenticated requests using the victim’s credentials or session context. The vulnerability corresponds to CWE-346 (Origin Validation Error), which occurs when the server fails to properly validate the Origin header, thereby permitting cross-origin requests that should be blocked. The CVSS v3.1 base score of 9.1 reflects a critical severity level, with an attack vector of network (remote exploitation), low attack complexity, no privileges required, no user interaction, and high impact on confidentiality and integrity. Exploiting this flaw could allow attackers to perform actions on behalf of authenticated users, such as accessing sensitive configuration data or manipulating system settings, without needing to authenticate themselves. Although no public exploits have been reported yet, the vulnerability’s nature makes it a prime target for attackers aiming to compromise web applications relying on Dify. The absence of patch links suggests that a fix may not yet be publicly available, increasing the urgency for organizations to implement interim mitigations. This vulnerability highlights the critical importance of strict CORS policies that whitelist trusted origins and avoid enabling credentials indiscriminately.
Potential Impact
For European organizations, the impact of CVE-2025-63386 can be severe, especially for those using Dify in environments where sensitive or regulated data is processed. The vulnerability allows attackers to bypass same-origin policy protections, enabling unauthorized access to confidential information and unauthorized modification of system configurations. This can lead to data breaches, loss of intellectual property, disruption of services, and potential compliance violations under regulations such as GDPR. The ability to perform authenticated requests without user consent increases the risk of privilege escalation and lateral movement within networks. Sectors such as finance, healthcare, government, and critical infrastructure that rely on Dify for operational or administrative functions are particularly vulnerable. Additionally, the vulnerability could be leveraged as an initial access vector or part of a multi-stage attack chain, amplifying its impact. The lack of known exploits currently provides a window for proactive defense, but the critical severity score underscores the urgency to address this issue promptly.
Mitigation Recommendations
To mitigate CVE-2025-63386, organizations should immediately audit and restrict the CORS policy on the /console/api/setup endpoint. Specifically, the server must be configured to whitelist only trusted and verified origins rather than reflecting the Origin header dynamically. Access-Control-Allow-Credentials should be set to true only when the origin is explicitly trusted; otherwise, it must be disabled. Implement strict validation logic on the server side to reject requests with unrecognized or suspicious Origin headers. If possible, disable CORS on sensitive endpoints that do not require cross-origin access. Employ Web Application Firewalls (WAFs) to detect and block suspicious cross-origin requests. Monitor logs for unusual patterns of cross-origin requests and unauthorized access attempts. Keep abreast of vendor updates and apply patches as soon as they become available. Additionally, educate developers and administrators about secure CORS configurations and conduct regular security reviews of web application settings. Consider isolating administrative interfaces behind VPNs or IP allowlists to reduce exposure.
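The allowlist check recommended above, as an added Python example that is not Dify's own code: an exact-match origin allowlist that only echoes trusted origins with credentials, beside a detection check that flags the reflect-any-origin-plus-credentials pattern described in this advisory. The origin names and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the exact scheme://host[:port] origins
# the console should ever trust. Nothing else is echoed back.
TRUSTED_ORIGINS = frozenset({
    "https://console.example.com",
    "https://dify.internal.example:8443",
})


def normalize_origin(origin):
    """Return scheme://host[:port] lowercased, or None if the Origin is
    absent, opaque ("null"), or not a bare origin (path/query present)."""
    if not origin or origin == "null":
        return None
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def cors_headers(origin, trusted=TRUSTED_ORIGINS):
    """CORS headers for a credentialed console endpoint.

    Only an exact allowlist hit echoes the origin and enables credentials;
    any other origin gets no CORS headers, so the browser refuses the read.
    A suffix like console.example.com.attacker.example does not match.
    """
    norm = normalize_origin(origin)
    if norm is None or norm not in trusted:
        return {}
    return {
        "Access-Control-Allow-Origin": norm,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep caches from serving one origin's answer to another
    }


def reflects_with_credentials(sent_origin, response_headers, trusted=TRUSTED_ORIGINS):
    """Detection check over a captured response: True when the server echoed
    an untrusted Origin and also granted credentials, i.e. the CWE-346
    pattern reported for /console/api/setup in CVE-2025-63386."""
    h = {k.lower(): v for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin", "")
    acac = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    return acac and acao == sent_origin and normalize_origin(sent_origin) not in trusted
```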
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694427b04eb3efac36978401
Added to database: 12/18/2025, 4:11:28 PM
Last enriched: 1/22/2026, 7:16:00 PM
Last updated: 2/7/2026, 10:15:20 AM
Views: 131