CVE-2025-0185

Summary

CVE-2025-0185 is a newly discovered vulnerability affecting the Dify Tools' Vanna module in the langgenius/dify repository. This issue resides in the `vn.get_training_plan_generic(df_information_schema)` function, which fails to sanitize user inputs prior to executing queries using the Pandas library. Consequently, an attacker can potentially execute Remote Code Execution (RCE) attacks by injecting malicious queries through the input. This vulnerability poses a significant risk, particularly for environments utilizing the Dify Tools and the latest version of the Vanna module. System administrators are urged to apply relevant patches or mitigations as soon as possible to protect against potential exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.