What is the CVSS score of CVE-2025-8943?

CVE-2025-8943 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 80.4%.

Which versions of Flowise are affected by CVE-2025-8943?

Organizations using Custom MCPs feature face critical risk from CVE-2025-8943, a missing authentication vulnerability rated CVSS 9.8.

Is there a public PoC exploit available for CVE-2025-8943?

Yes, a public proof-of-concept exploit is available for CVE-2025-8943. Prioritise patching immediately. EPSS: 80.4%.

How to fix or mitigate CVE-2025-8943?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Audit authentication configurations and rotate any potentially compromised credentials.

Flowise CVE-2025-8943

CRITICAL

Missing Authentication for Critical Function (CWE-306)

2025-08-14 reefs@jfrog.com

Authentication Bypass Flowise

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:06 vuln.today

PoC Detected

Sep 23, 2025 - 15:23 vuln.today

Public exploit code

CVE Published

Aug 14, 2025 - 10:15 nvd

CRITICAL 9.8

DescriptionNVD

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

AnalysisAI

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS commands. The combination of no default authentication and the ability to spawn local processes via tools like npx enables unauthenticated remote code execution on any Flowise installation.

Technical ContextAI

Flowise's Custom MCPs feature allows configuring external MCP (Model Context Protocol) servers using commands like npx. This feature is inherently capable of executing OS commands. Prior to version 3.0.1, Flowise operates without authentication by default and lacks RBAC. Any unauthenticated user can create Custom MCP configurations that execute arbitrary commands on the server.

RemediationAI

Update to Flowise 3.0.1 or later. Enable authentication immediately on all Flowise instances. Run Flowise behind a reverse proxy with authentication. Deploy in containers with restricted network and filesystem access. Never expose Flowise directly to the internet.

CVE-2025-8943 vulnerability details – vuln.today

Back

Flowise CVE-2025-8943

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code