Home > Vulnerability Database > CVE-2025-58747

Mend.io Vulnerability Database

CVE-2025-58747

Good to know:

Date: October 17, 2025

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url provided by a remote MCP server is directly passed to window.open without validation or sanitization. An attacker can craft a malicious MCP server that returns a JavaScript URI (such as javascript:alert(1)) in the authorization_url field, which is then executed when the victim attempts to connect to the MCP server. This allows the attacker to execute arbitrary JavaScript in the context of the Dify application.

Severity Score

6.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58747

Url: https://github.com/langgenius/dify/commit/bfda4ce7e6f39d43a4420e97e23a18edcfe3e3d3

Url: https://github.com/langgenius/dify/security/advisories/GHSA-9jch-j9qf-vqfw

Url: https://www.mend.io/vulnerability-database/CVE-2025-58747

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version https://github.com/langgenius/dify.git - 1.9.2

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58747

Good to know:

Date: October 17, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?