CVE-2025-63386 identifies a critical security vulnerability in Dify version 1.9.1 related to an insecure Cross-Origin Resource Sharing (CORS) policy implemented on the /console/api/setup endpoint. The vulnerability arises because the endpoint reflects the Origin header from incoming requests without validation and enables the Access-Control-Allow-Credentials header set to true. This combination allows any external domain to perform authenticated requests on behalf of a legitimate user, bypassing same-origin policy protections. The underlying weakness is classified under CWE-346 (Origin Validation Error), indicating improper validation of the Origin header. The vulnerability does not require any authentication or user interaction, making it trivially exploitable remotely. Attackers can craft malicious web pages that, when visited by an authenticated user, can silently perform sensitive operations or extract confidential data from the vulnerable Dify instance. Although the supplier disputes the vulnerability citing intentional design for bootstrap functionality, this design choice significantly expands the attack surface and risks unauthorized data access and integrity violations. The CVSS v3.1 base score of 9.1 reflects the critical nature of this flaw, with network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality and integrity. No patches or fixes are currently linked, and no known exploits have been observed in the wild as of the publication date. Organizations running Dify v1.9.1 should prioritize risk assessment and mitigation to prevent potential exploitation.

For European organizations, exploitation of this vulnerability could lead to severe confidentiality and integrity breaches. Attackers can leverage the misconfigured CORS policy to perform unauthorized actions or steal sensitive information from authenticated sessions, potentially compromising internal data, user credentials, or administrative controls. This risk is heightened in sectors where Dify is used for critical operations or sensitive data management, such as finance, healthcare, or government services. The lack of required authentication and user interaction means attackers can exploit this remotely and at scale, increasing the likelihood of widespread impact. Additionally, the vulnerability could facilitate lateral movement within networks if attackers gain access to internal resources through compromised Dify instances. The reputational damage and regulatory consequences under GDPR for data breaches could be significant for affected European entities.

European organizations should immediately audit their use of Dify, specifically version 1.9.1, and the exposure of the /console/api/setup endpoint. If possible, restrict access to this endpoint via network controls such as IP whitelisting or VPN-only access. Implement strict validation of the Origin header on the server side to allow only trusted domains and disable Access-Control-Allow-Credentials unless absolutely necessary. If the bootstrap functionality requires this configuration, consider alternative secure bootstrap methods that do not expose such broad CORS permissions. Monitor logs for suspicious cross-origin requests and unauthorized access attempts. Engage with the vendor or community to obtain or develop patches that properly secure the CORS policy. In the interim, consider deploying Web Application Firewalls (WAFs) with rules to block suspicious CORS headers or anomalous requests targeting the vulnerable endpoint. Educate developers and administrators about the risks of insecure CORS configurations and enforce secure coding practices for future deployments.