Skip to main content

Flowise CVE-2025-71333

| EUVDEUVD-2025-210339 CRITICAL
External Control of File Name or Path (CWE-73)
2026-06-25 VulnCheck GHSA-grch-cc26-w2fv
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.8 CRITICAL

Endpoint is network-reachable and whitelisted past auth (AV:N/PR:N), input-only traversal is low-complexity with no user interaction (AC:L/UI:N), and arbitrary file write enabling RCE yields full C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 22:33 vuln.today
Analysis Generated
Jun 25, 2026 - 22:33 vuln.today

DescriptionCVE.org

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially enabling remote code execution and server compromise.

AnalysisAI

Unauthenticated arbitrary file upload in Flowise (versions through 2.2.7) lets remote attackers write malicious files to arbitrary locations on the server via the whitelisted /api/v1/attachments endpoint when storageType is set to local (the default). Because the chatId and chatflowId parameters are vulnerable to path traversal, an attacker can escape the intended upload directory and drop a webshell or other executable payload, leading to remote code execution and full server compromise. No public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 4.0 9.3) and was reported by VulnCheck with a vendor security advisory.

Technical ContextAI

Flowise is an open-source, low-code drag-and-drop builder for LLM/agent workflows built on a Node.js/TypeScript server (npm package 'flowise'). The root cause is CWE-73 (External Control of File Name or Path): the /api/v1/attachments route is part of the WHITELIST_URLS set in packages/server/src/index.ts, meaning the global authentication middleware deliberately skips API-key validation for it. With authentication bypassed, the upload handler trusts the user-supplied chatId and chatflowId values when constructing the destination path on the local filesystem (storageType=local). Supplying traversal sequences (e.g. ../) in those parameters lets the attacker control the write directory, so an uploaded file can land in a location from which it can be served or executed, converting a file-upload primitive into code execution.

RemediationAI

Upstream fix available (PR/commit); released patched version not independently confirmed - the fix is referenced as commit https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f220ac7 but the input lists no tagged patched release ('fixed in: None'), so confirm the corresponding release with the vendor advisory before relying on a version number. Apply the latest available Flowise build that includes that commit and consult https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-h42x-xx2q-6v6g for the canonical fix. As compensating controls until a confirmed release is deployed: switch storageType away from local (e.g. to an object-storage backend like S3) so the local-path write primitive is removed, accepting the trade-off of reconfiguring attachment storage; place Flowise behind a reverse proxy or WAF rule that blocks path-traversal sequences (../, encoded variants) and restricts or denies external access to the /api/v1/attachments endpoint, accepting that legitimate attachment uploads from untrusted networks will also be blocked; and restrict network exposure of the Flowise server to trusted internal users, accepting reduced reachability for remote/SaaS use cases.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2025-71333 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy