Skip to main content

Flowise CVE-2025-71332

| EUVDEUVD-2025-210326 HIGH
SQL Injection (CWE-89)
2026-06-24 VulnCheck
8.5
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.5 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Remote API call over the network with low complexity; PR:L because any authenticated user can call import endpoints; high C and I from arbitrary SQL, no availability impact noted.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 24, 2026 - 12:15 vuln.today
Analysis Generated
Jun 24, 2026 - 12:15 vuln.today

DescriptionCVE.org

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to be executed, including blind and error-based extraction of data from the credential table.

AnalysisAI

SQL injection in Flowise through 2.2.7 allows authenticated users to execute arbitrary SQL via the importChatflows API by supplying a crafted JSON file whose chatflow.id value is concatenated unsanitized into an IN clause. Successful exploitation enables blind and error-based extraction of stored credentials and tampering with application data. Publicly available exploit code exists in the GHSA advisory, though no active exploitation is confirmed.

Technical ContextAI

Flowise is an open-source low-code platform for building LLM orchestration flows, backed by a TypeORM-managed relational database. The vulnerable function importChatflows in packages/server/src/services/chatflows/index.ts builds a raw IN-clause string by interpolating each newChatflow.id directly into the query via createQueryBuilder().where(cf.id IN ${ids}), bypassing parameter binding. This is a textbook CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) flaw - a payload like ') {malicious SQL} -- breaks out of the quoted IN list and appends attacker-controlled SQL. The advisory notes that importTools and importVariables share the same unsafe import pattern, suggesting a class of bugs rather than a single defect.

RemediationAI

Upstream fix available (PR/commit); released patched version not independently confirmed - track FlowiseAI/Flowise pull request https://github.com/FlowiseAI/Flowise/pull/4226 and upgrade to the first Flowise release that incorporates it once published, monitoring the GHSA advisory at https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9c4c-g95m-c8cp. Until a tagged release ships, operators should restrict access to the importChatflows, importTools, and importVariables endpoints via a reverse proxy or auth middleware so only trusted administrators can call them (side effect: legitimate users lose self-service import); audit existing user accounts and rotate any secrets stored in the credential table since blind extraction is feasible (side effect: temporary service disruption for downstream integrations); and consider running Flowise behind a WAF rule that blocks single-quote and SQL keywords in JSON id fields posted to the import routes (side effect: may false-positive on legitimate identifiers containing those characters).

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2025-71332 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy