The CrowdSec Network has detected a wave of exploitation attempts targeting (unfixed) CVE-2025-56520, a Server-Side Request Forgery (SSRF) vulnerability in Dify.
Ironically, the vulnerability disclosure itself reflects the modern AI era. Reported by a researcher, the issue was managed and ultimately closed as “stale” by an AI bot, despite confirmation that the exploit was still active. It seems that while “vibe coding” can accelerate development, it hasn’t quite mastered the art of fixing the security holes it helps create.
Key findings
- Recent Surge: While CVE-2025-56520 was published in September 2025, CrowdSec started observing targeted exploitation attempts immediately after releasing specific detection rules on February 11, 2026.
- Reconnaissance Focus: The attacks are primarily focused on reconnaissance, with threat actors using the SSRF vulnerability to map internal networks and identify viable targets for further exploitation.
- Escalating Interest: Despite a relatively low volume of distinct attacking IPs, the intensity of the attacks is surging well above historical norms for similar vulnerabilities.
What is Dify?
Dify is an open-source Large Language Model (LLM) application development platform. It is part of the LangGenius project, created by former Tencent Cloud DevOps. It is widely used by developers, data scientists, and AI engineers to build and manage AI agents and workflows. It orchestrates various AI models and tools. It is a critical component in the AI technology stack for many organizations.
With around 130k GitHub stars, Dify ranks among the most popular AI agent platforms globally. Its widespread adoption means this vulnerability potentially affects thousands of AI implementations worldwide.
Why it matters: As an “agentic” AI tool, Dify often has access to sensitive internal data, API keys, and other critical infrastructure to function. Compromising a Dify instance can provide attackers with a powerful pivot point into an organization’s internal network, potentially exposing proprietary AI models and sensitive business data.
How does CVE-2025-56520 work?
This vulnerability is a Server-Side Request Forgery (SSRF) flaw located in the RemoteFileUploadApi component of Dify versions up to 1.6.0.
Attackers exploit this by sending specially crafted HTTP requests to the /console/api/remote-files/ endpoint. By manipulating the parameters in these requests, an attacker can force the Dify server to make arbitrary HTTP requests to other internal or external systems.
This allows attackers to:
- Port Scan: Probe internal ports to identify other running services not exposed to the internet.
- Access Metadata: In cloud environments, this could be used to access instance metadata services (IMDS) to steal temporary credentials.
- Bypass Firewalls: Interact with internal APIs that trust requests coming from the Dify server.
Threat Landscape Analysis
CrowdSec Security Engines show a clear shift in attacker behavior regarding Dify. As a consequence, Crowdsec Live Exploit Tracker currently reports CVE-2025-56520 with a “momentum score” of 5 and “opportunity score” of 4, indicating that this is an active and opportunistic threat.
The activity was detected since active scanning and exploitation attempts were characterized on February 11th. The low number of IPs coupled with high volume suggests that a few specific threat groups are automating these attacks, likely using available public exploits or templates (such as the Nuclei template referenced in the vulnerability data). The goal appears to be broad identification of vulnerable instances before launching more damaging payloads.
How to protect your systems
Patch: As of today, the issue is marked as stale on GitHub, and there is no plan for a patch publication available.
CrowdSec Protection:
- AppSec Component: If you are running Dify behind a web server or reverse proxy, ensure the CrowdSec AppSec component is enabled to block malicious request patterns.
- Blocklists: Subscribe to the CrowdSec Community Blocklist to preemptively block known malicious IPs that are scanning for this vulnerability.