Security Advisory

CVE-2025-0185

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:09:11

Last updated 2025-03-20 14:24:59

Assigner @huntr_ai

State PUBLISHED

Description

A vulnerability in the Dify Tools Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user inputs before executing queries using the Pandas library. This can potentially lead to Remote Code Execution (RCE) if exploited.

← Browse all CVEs View on cve.org ↗