Vulnerability Description
Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToStorage) to write arbitrary files, and the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints (via streamStorageFile) to read arbitrary files. Arbitrary file write may lead to remote code execution.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/FlowiseAI/Flowise/commit/8bd3de41533de78e4ef6c980e5704a1f9cb7
- https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f22
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-q67q-549q-p849
- https://www.vulncheck.com/advisories/flowise-arbitrary-file-access-via-missing-c
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-q67q-549q-p849
FAQ
What is CVE-2025-71334?
CVE-2025-71334 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in f...
How severe is CVE-2025-71334?
CVE-2025-71334 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-71334?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.