CVE-2025-56520 | Dify 1.6.0 server-side request forgery (Issue 22532)

A vulnerability was found in Dify 1.6.0. It has been declared as critical. This affects an unknown function of the component controllers.console.remote_files.RemoteFileUploadApi. Such manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2025-56520. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More