Skip to main content

Flowise CVE-2025-8943

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2025-08-14 reefs@jfrog.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:06 vuln.today
PoC Detected
Sep 23, 2025 - 15:23 vuln.today
Public exploit code
CVE Published
Aug 14, 2025 - 10:15 nvd
CRITICAL 9.8

DescriptionCVE.org

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

AnalysisAI

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS commands. The combination of no default authentication and the ability to spawn local processes via tools like npx enables unauthenticated remote code execution on any Flowise installation.

Technical ContextAI

Flowise's Custom MCPs feature allows configuring external MCP (Model Context Protocol) servers using commands like npx. This feature is inherently capable of executing OS commands. Prior to version 3.0.1, Flowise operates without authentication by default and lacks RBAC. Any unauthenticated user can create Custom MCP configurations that execute arbitrary commands on the server.

RemediationAI

Update to Flowise 3.0.1 or later. Enable authentication immediately on all Flowise instances. Run Flowise behind a reverse proxy with authentication. Deploy in containers with restricted network and filesystem access. Never expose Flowise directly to the internet.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

CVE-2025-29189 HIGH POC
7.6 Apr 09

Flowise <= 2.2.3 is vulnerable to SQL Injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploita

Share

CVE-2025-8943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy