{"uuid": "927b9413-fde5-4161-a724-194ecf7ec29e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://t.me/cybersecplayground/132", "content": "\ud83d\udea8 Security Alert: CVE-2025-26319 \ud83d\udea8\n\n\ud83d\udd25 Arbitrary File Upload  in Flowise (v2.5) \u2013 CVSS 9.8 Critical\n\n\ud83d\udccc What\u2019s the risk?\nA pre-authenticated arbitrary file upload vulnerability in FlowiseAI Flowise v2.5 allows attackers to upload malicious files, potentially leading to remote code execution (RCE) and server compromise.\n\n\ud83d\udd0d Key Details:\n\n\ud83d\udccc Affected Version: FlowiseAI Flowise v2.5\n\ud83d\udea8 Risk: Unauthenticated attackers can upload malicious files, leading to full system compromise\n\n\u26a0\ufe0f No Patch Available Yet\n\n\ud83d\udcbb HUNTER Query:product.name=\"Flowise\"\n\n\ud83d\udd17 Hunter Link\n\n\ud83d\udd14 Action Required:\n\u2705 If you\u2019re using Flowise v2.5, apply mitigations immediately!\n\u2705 Restrict file uploads and monitor for suspicious activities\n\u2705 Check if your instance is exposed using Netlas.io\n\n\ud83d\udd34 Stay ahead in cybersecurity \u2013 Join us!\n\ud83d\udd17 @cybersecplayground for real-time updates.\n\n#Flowise #hunterhow #infosec #infosecurity #OSINT #Vulnerability \ud83d\udea8", "creation_timestamp": "2025-03-13T08:38:36.000000Z"}