
CVE-2025-67732: Dify LLM API Key Exposure Vulnerability

CVE-2025-67732 is an information disclosure flaw in the Dify LLM app development platform that exposes API keys in plaintext to non-admin users. This article covers technical details, affected versions, and mitigation strategies.

Updated: January 22, 2026

CVE-2025-67732 Overview

CVE-2025-67732 is an information disclosure vulnerability in Dify, an open-source LLM (Large Language Model) application development platform. Prior to version 1.11.0, the platform exposes API keys in plaintext to the frontend interface, allowing non-administrator users to view and potentially reuse these sensitive credentials. This security flaw falls under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and can lead to unauthorized access to third-party services integrated with the Dify platform.

Critical Impact

Non-administrator users can access plaintext API keys, enabling unauthorized consumption of third-party service quotas and potential lateral movement to connected AI services.

Affected Products

  • Dify versions prior to 1.11.0
  • Dify LLM app development platform deployments with multi-user access
  • Self-hosted and cloud instances running vulnerable versions

Discovery Timeline

  • 2026-01-05 - CVE-2025-67732 published to NVD
  • 2026-01-08 - Last updated in NVD database

Technical Details for CVE-2025-67732

Vulnerability Analysis

This vulnerability represents a significant information disclosure flaw in the Dify platform's access control implementation. The core issue lies in the application's handling of sensitive API credentials, where API keys for third-party services (such as OpenAI, Anthropic, or other LLM providers) are transmitted and rendered in plaintext within the frontend interface. This means that any authenticated user, regardless of their privilege level, can access these credentials through normal browser inspection tools or network traffic analysis.

The impact extends beyond simple credential exposure. API keys for LLM services often have associated usage quotas and billing implications. Unauthorized access to these keys could result in significant financial impact through quota consumption, service abuse, or unauthorized data access to connected third-party services. Additionally, exposed API keys could be used to exfiltrate data or perform actions under the guise of the legitimate key owner.

Root Cause

The root cause of this vulnerability is improper access control in the Dify application's frontend data handling. The application fails to implement proper role-based access restrictions when transmitting API key data to the client-side interface. Instead of masking or restricting API key visibility to administrator-only roles, the backend sends complete, unobfuscated credentials to all authenticated users, regardless of their authorization level. This violates the principle of least privilege and exposes sensitive configuration data to users who should not have access to it.
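The defect described above, as an added example that is not Dify's code: a serializer that returns the raw key to every authenticated user, beside a hardened form in which the full key never reaches the client (admins get a masked hint, other roles only learn that a key is configured), plus a helper that checks a serialized response for the raw secret. The class names, role strings and field names are assumptions made for illustration; the page does not show Dify's actual data model. The hardened version goes a step beyond the page's "administrator-only" framing by withholding the full value even from admins.

```python
"""Added example, not Dify's code: the access-control defect described
above shown as a vulnerable serializer beside a hardened one, plus a
check that a serialized response never carries the raw secret.

All names (User, ProviderConfig, the role strings, the field names) are
assumptions for illustration; the page does not show Dify's data model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "admin" or "member" (assumed role names)


@dataclass(frozen=True)
class ProviderConfig:
    provider: str
    api_key: str
    base_url: str


# Constructed sample data; the key is a made-up string, not a real credential.
SAMPLE_CONFIG = ProviderConfig("openai", "sk-constructed-0123456789abcdef",
                               "https://api.example.invalid/v1")
ADMIN = User("alice", "admin")
MEMBER = User("bob", "member")


def serialize_provider_config_vulnerable(cfg: ProviderConfig, user: User) -> dict:
    """Pre-1.11.0 behaviour as the page describes it: the backend returns the
    secret verbatim to every authenticated user; `user` is never consulted."""
    return {"provider": cfg.provider, "api_key": cfg.api_key, "base_url": cfg.base_url}


def mask_secret(secret: str, visible: int = 4) -> str:
    """Replace all but the last `visible` characters with '*', so an admin
    can tell two keys apart without the full value reaching the browser."""
    if len(secret) <= visible:
        return "*" * len(secret)
    return "*" * (len(secret) - visible) + secret[-visible:]


def serialize_provider_config_hardened(cfg: ProviderConfig, user: User) -> dict:
    """Hardened form: the full key never leaves the server. Admins receive a
    masked hint; other roles only learn whether a key is configured."""
    base = {"provider": cfg.provider, "base_url": cfg.base_url}
    if user.role == "admin":
        base["api_key_hint"] = mask_secret(cfg.api_key)
    else:
        base["api_key_configured"] = bool(cfg.api_key)
    return base


def leaks_secret(payload, secret: str) -> bool:
    """Walk a JSON-like payload and report whether the raw secret appears in
    any string value. Useful as a response-level regression check."""
    if isinstance(payload, dict):
        return any(leaks_secret(v, secret) for v in payload.values())
    if isinstance(payload, (list, tuple)):
        return any(leaks_secret(v, secret) for v in payload)
    return isinstance(payload, str) and secret in payload


if __name__ == "__main__":
    for fn in (serialize_provider_config_vulnerable, serialize_provider_config_hardened):
        for user in (ADMIN, MEMBER):
            out = fn(SAMPLE_CONFIG, user)
            status = "leaks" if leaks_secret(out, SAMPLE_CONFIG.api_key) else "ok"
            print(fn.__name__, user.role, status)
```

`leaks_secret` is the shape of check worth running against real API responses after an upgrade: fetch the provider settings as a non-admin and as an admin, and assert the configured key string appears in neither body.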

Attack Vector

The attack vector for CVE-2025-67732 is network-based with low complexity. An attacker with valid low-privilege credentials on a Dify instance can exploit this vulnerability through the following steps:

  1. Authenticate to the Dify platform with any valid user account (non-administrator)
  2. Navigate to areas of the application where API configurations are displayed or accessible
  3. Use browser developer tools to inspect network responses or DOM elements
  4. Extract the plaintext API keys from the exposed data
  5. Use the compromised credentials to access third-party services directly, bypassing Dify's access controls

The vulnerability requires authentication but no additional user interaction, making it readily exploitable by any insider or user with compromised credentials.

Detection Methods for CVE-2025-67732

Indicators of Compromise

  • Unusual API usage patterns or quota consumption spikes on connected third-party LLM services
  • Authentication logs showing non-administrator users accessing API configuration endpoints
  • Unexpected API calls originating from IP addresses not associated with the Dify deployment
  • Third-party service alerts indicating API key usage from unauthorized locations

Detection Strategies

  • Monitor Dify application logs for non-admin users accessing configuration or settings pages that contain API key data
  • Implement network traffic analysis to detect API key patterns being transmitted to or from the frontend
  • Enable audit logging for all API configuration access attempts and cross-reference with user privilege levels
  • Deploy DLP (Data Loss Prevention) solutions to detect API key patterns in network traffic
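The detection strategies above run over constructed audit-log records, as an added example that is neither SentinelOne's nor Dify's tooling: it cross-references each request's role against credential-bearing endpoints, counts flagged requests per user (the review and rotation scope), and runs a DLP-style key-pattern match over response bodies returned to non-admins while masking the token in the alert itself. The log format, the `/api/settings/` path prefix, the role names and the OpenAI-style `sk-` key pattern are assumptions; substitute the routes your deployment actually serves and the key formats of the providers you use.

```python
"""Added example, not SentinelOne's or Dify's tooling: the detection
strategies above run over constructed audit-log records.

The log format, the /api/settings/ path prefix, the role names and the
OpenAI-style 'sk-' key pattern are assumptions; substitute the routes your
deployment actually serves and the key formats of the providers you use.
"""
import json
import re
from collections import Counter

# Constructed sample records, one JSON object per line as a reverse proxy
# in front of the application might log them. The key is a made-up string.
_LEAKY_BODY = '{"api_key":"sk-constructed-0123456789abcdef"}'
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": "2026-01-06T09:12:01Z", "user": "alice", "role": "admin", "method": "GET",
     "path": "/api/settings/providers", "status": 200, "body_sample": _LEAKY_BODY},
    {"ts": "2026-01-06T09:13:44Z", "user": "bob", "role": "member", "method": "GET",
     "path": "/api/apps", "status": 200, "body_sample": '{"apps":[]}'},
    {"ts": "2026-01-06T09:14:02Z", "user": "bob", "role": "member", "method": "GET",
     "path": "/api/settings/providers", "status": 200, "body_sample": _LEAKY_BODY},
    {"ts": "2026-01-06T09:14:05Z", "user": "bob", "role": "member", "method": "GET",
     "path": "/api/settings/providers/openai/credentials", "status": 200,
     "body_sample": _LEAKY_BODY},
    {"ts": "2026-01-06T09:20:30Z", "user": "carol", "role": "member", "method": "GET",
     "path": "/api/apps", "status": 200, "body_sample": '{"apps":[]}'},
])

# Endpoints whose responses may carry provider credentials (assumed prefix).
CONFIG_PATH_PREFIXES = ("/api/settings/",)
# One provider's key shape; a real DLP rule set needs a pattern per provider.
KEY_PATTERN = re.compile(r"sk-[A-Za-z0-9_-]{16,}")


def parse_log(text: str) -> list[dict]:
    """Parse one JSON object per line, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def non_admin_config_access(records: list[dict]) -> list[dict]:
    """Successful hits on credential-bearing endpoints by users who are not
    admins: the privilege/endpoint cross-reference the page recommends."""
    return [r for r in records
            if r.get("role") != "admin"
            and str(r.get("path", "")).startswith(CONFIG_PATH_PREFIXES)
            and r.get("status") == 200]


def users_to_review(records: list[dict]) -> Counter:
    """Count flagged requests per user; these accounts and the keys they
    could have seen define the access-review and rotation scope."""
    return Counter(r["user"] for r in non_admin_config_access(records))


def mask(token: str, visible: int = 4) -> str:
    """Keep only the tail so the alert itself does not re-log the secret."""
    return "*" * max(len(token) - visible, 0) + token[-visible:]


def key_exposures(records: list[dict]) -> list[tuple[str, str, str]]:
    """DLP-style pass: key-shaped tokens inside response bodies returned to
    non-admins. Yields (user, path, masked_token)."""
    hits = []
    for r in non_admin_config_access(records):
        for token in KEY_PATTERN.findall(str(r.get("body_sample", ""))):
            hits.append((r["user"], r["path"], mask(token)))
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("non-admin config hits per user:", dict(users_to_review(recs)))
    for user, path, masked in key_exposures(recs):
        print(f"ALERT key-shaped token returned to {user} via {path}: {masked}")
```

The admin's request to the same endpoint is deliberately not flagged: the signal on a pre-1.11.0 instance is the combination of a low-privilege role, a credential-bearing endpoint and a 200 response, not the endpoint alone. Masking the matched token in the alert matters because a SIEM that stores the raw match has simply moved the exposure from the application into the log platform.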

Monitoring Recommendations

  • Establish baseline API usage metrics for connected third-party services and alert on anomalies
  • Configure third-party LLM providers to send usage alerts and track key utilization by request source
  • Implement session monitoring to track user navigation patterns and detect reconnaissance activities
  • Enable detailed audit trails for all administrative actions and configuration access in the Dify platform

How to Mitigate CVE-2025-67732

Immediate Actions Required

  • Upgrade Dify to version 1.11.0 or later immediately to remediate this vulnerability
  • Rotate all API keys that were configured in vulnerable Dify instances; they should be considered potentially compromised
  • Review access logs to identify if any non-administrator users accessed API configuration areas
  • Audit third-party service usage logs for any unauthorized or anomalous activity during the exposure window

Patch Information

The vulnerability has been addressed in Dify version 1.11.0. Organizations running affected versions should upgrade to 1.11.0 or later as soon as possible. The security advisory with additional details is available through the Dify GitHub Security Advisory. After upgrading, administrators should verify that API keys are properly masked in the frontend interface and conduct a full credential rotation for all integrated services.

Workarounds

  • Restrict platform access to only trusted administrator accounts until the patch can be applied
  • Implement network-level restrictions to limit Dify access to specific IP ranges or VPN connections
  • Monitor and rate-limit API key usage on third-party services to minimize potential abuse impact
  • Consider temporarily disabling or removing third-party API integrations until the upgrade is complete
```bash
# Configuration example
# Upgrade Dify to the patched release
cd /path/to/dify
git fetch --tags
# List the matching release tag to confirm its exact name before checking it out
git tag --list '*1.11.0*'
git checkout 1.11.0

# Dify's Docker Compose files live in the docker/ subdirectory; pull the images
# for the new release and recreate the containers so they actually run it
cd docker
docker compose pull
docker compose down
docker compose up -d

# Verify the image tags the running services use after the upgrade
docker compose images
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Information Disclosure
  • Vendor/Tech: Dify
  • Severity: HIGH
  • CVSS Score: 8.4
  • EPSS Probability: 0.05%
  • Known Exploited: No
  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CWE References

  • CWE-200

Technical References

  • GitHub Security Advisory

Related CVEs

  • CVE-2026-28288: Dify Information Disclosure Vulnerability
  • CVE-2026-21866: Dify Stored XSS Vulnerability
  • CVE-2026-26023: Dify LLM Platform XSS Vulnerability
©2026 SentinelOne, All Rights Reserved.