Skip to main content

Flowise CVE-2025-71337

| EUVDEUVD-2025-210304 HIGH
Unverified Password Change (CWE-620)
2026-06-23 VulnCheck GHSA-4xff-r326-4qv2
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.3 HIGH

Network-reachable profile endpoint, low-privilege authenticated user can take over their own account leading to high C/I and limited A; no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 23, 2026 - 14:17 EUVD
Source Code Evidence Fetched
Jun 23, 2026 - 13:00 vuln.today
Analysis Generated
Jun 23, 2026 - 13:00 vuln.today

DescriptionCVE.org

Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the original email address or re-entering the current password. By changing the recovery email, an attacker can take over the account and abuse password reset mechanisms.

AnalysisAI

Account takeover in Flowise versions 3.0.7 and earlier allows an authenticated user to change their account email address via the profile endpoint without re-authenticating or confirming the change to the original email. Because email serves as both login identifier and password-recovery channel, an attacker who has hijacked a session (e.g., via XSS, stolen token, or unattended workstation) can pivot to permanent account ownership. Publicly available exploit code exists in the GitHub Security Advisory with reproduction steps, but no public exploit identified as actively used in the wild.

Technical ContextAI

Flowise is an open-source low-code platform (npm package flowise-ui) for building LLM orchestration flows and AI agents, exposing a web UI and REST API. The root cause is CWE-620 (Unverified Password Change), applied here to the email-change flow: the account profile endpoint accepts a new email address with only the session cookie as authority, performing neither a re-authentication challenge (current password) nor an out-of-band confirmation to the prior email address. Because the email doubles as the login identifier and the destination for password-reset tokens, it functions as a credential/recovery channel, and changing it silently rewrites both at once.

RemediationAI

Vendor-released patch: upgrade flowise-ui (and the Flowise server bundle) to version 3.0.10 or later, which is the fix identified in PR https://github.com/FlowiseAI/Flowise/pull/5294 and tracked in GHSA-x39m-3393-3qp4. If immediate upgrade is not possible, restrict access to the /account profile endpoint at a reverse proxy or WAF (deny PUT/POST to the email field for non-admin users), shorten session lifetimes and enforce re-authentication for sensitive actions, and require operators to monitor audit logs for unexpected email-change events - note this breaks the in-product profile editing UX. Pair the upgrade with a forced password reset for any account whose email was changed during the exposure window, and rotate any API keys or model credentials stored under those accounts.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2025-71337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy