CVE-2025-61913

Critical CVSS: 9.9

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. Flowise 3.0.8 fixes this vulnerability.

Vendor

Flowiseai

Product

Flowise

CWE

CWE-22

Yayın Tarihi

2025-10-08 23:15:31

Güncelleme

2025-10-20 15:23:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Flowise CRITICAL Flowiseai 2025

Referanslar

https://github.com/FlowiseAI/Flowise/commit/1fb12cd93143592a18995f63b781d25b354d48a3 https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.8 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j44m-5v8f-gc9c https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jv9m-vf54-chjj https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j44m-5v8f-gc9c https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jv9m-vf54-chjj

Benzer Kayıtlar

High

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose…

High

CVE-2026-30823

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there…

High

CVE-2026-30824

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NV…

High

CVE-2026-30822

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauth…

High

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowis…

High

CVE-2026-30821

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /a…