PT-2025-33147 · Flowise · Flowise

Assaf Levkovich · Published 2025-08-14 · Updated 2026-04-07
CVE-2025-8943
CVSS v2.0: 10.0 (Critical), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.1
Description: Flowise, a low-code platform for building applications and agent workflows on top of large language models (LLMs), is missing an authentication check on a critical function. Its Custom MCP feature is designed to start MCP servers by running operating system commands (for example via npx), and the code path that loads a custom MCP configuration can be reached without credentials. A remote, unauthenticated attacker can therefore submit a configuration whose command is executed, unsandboxed, on the Flowise host with the privileges of the Flowise process. Flowise's built-in authentication and authorization model is minimal and has no role-based access control (RBAC), so no secondary authorization layer limits who can reach this function. Active exploitation of this issue has been detected.
Recommendations: Update Flowise to version 3.0.1 or later. An instance that cannot be updated immediately should not be reachable from untrusted networks, and the account Flowise runs under should have no more access to the host than the application needs, since a spawned command runs with that account's privileges.
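The two shapes of the handler described above, as an added illustration that is not Flowise's own code: the vulnerable shape takes a caller-supplied MCP server configuration and turns it straight into a process launch with no credential check, while the hardened shape authenticates, authorizes, and validates the command and its arguments against an allowlist before anything reaches spawn(). The request and session objects, the token store, the admin/viewer roles, the `ALLOWED_COMMANDS` and `ALLOWED_MCP_PACKAGES` lists, and the sample requests are all assumptions made for this example; they do not describe Flowise's real API or the real endpoint.

```javascript
// Added example (not Flowise code). Everything below is an assumed model of a
// "load custom MCP" handler, written to show the missing check and its fix.

// Assumed session store: bearer token -> user record.
const SESSIONS = new Map([
  ['tok-alice', { user: 'alice', role: 'admin' }],
  ['tok-bob', { user: 'bob', role: 'viewer' }],
]);

// Assumed allowlists: only the MCP launcher may be spawned, and only with a
// vetted set of server packages. "-y" is npx's auto-confirm flag.
const ALLOWED_COMMANDS = new Set(['npx']);
const ALLOWED_MCP_PACKAGES = new Set(['@modelcontextprotocol/server-filesystem']);

// Vulnerable shape: no credential check, and the JSON config supplied by the
// caller becomes the command line verbatim. Whoever can reach the endpoint
// chooses the binary and its arguments.
function vulnerableLoadCustomMcp(req) {
  const cfg = JSON.parse(req.body.mcpServerConfig);
  return { status: 200, spawn: [cfg.command, ...(cfg.args || [])] };
}

// Resolves the caller's session from "Authorization: Bearer <token>", or null.
function authenticate(req) {
  const header = (req.headers && req.headers.authorization) || '';
  const match = /^Bearer\s+(\S+)$/i.exec(header);
  return match ? SESSIONS.get(match[1]) || null : null;
}

// Hardened shape: authenticate, authorize, then validate the config before a
// spawn array is produced. The array is intended for
// child_process.spawn(cmd, args, { shell: false }) so no shell parses caller input.
function hardenedLoadCustomMcp(req) {
  const session = authenticate(req);
  if (!session) return { status: 401, spawn: null };
  if (session.role !== 'admin') return { status: 403, spawn: null };

  let cfg;
  try {
    cfg = JSON.parse(req.body.mcpServerConfig);
  } catch (e) {
    return { status: 400, spawn: null };
  }
  if (typeof cfg.command !== 'string' || !ALLOWED_COMMANDS.has(cfg.command)) {
    return { status: 403, spawn: null };
  }
  const args = Array.isArray(cfg.args) ? cfg.args : [];
  if (!args.every((a) => typeof a === 'string')) return { status: 400, spawn: null };
  // Expected form: ["-y", "<vetted package>", ...package arguments]. Anything
  // else is rejected, so "npx -y attacker-package" cannot get through.
  if (args.length < 2 || args[0] !== '-y' || !ALLOWED_MCP_PACKAGES.has(args[1])) {
    return { status: 403, spawn: null };
  }
  return { status: 200, spawn: [cfg.command, ...args] };
}

// Constructed sample requests: an unauthenticated attacker and a legitimate admin.
const ATTACK_REQ = {
  headers: {},
  body: { mcpServerConfig: JSON.stringify({ command: 'sh', args: ['-c', 'id'] }) },
};
const ADMIN_REQ = {
  headers: { authorization: 'Bearer tok-alice' },
  body: {
    mcpServerConfig: JSON.stringify({
      command: 'npx',
      args: ['-y', '@modelcontextprotocol/server-filesystem', '/srv/data'],
    }),
  },
};

console.log('vulnerable, no auth :', vulnerableLoadCustomMcp(ATTACK_REQ));
console.log('hardened, no auth   :', hardenedLoadCustomMcp(ATTACK_REQ));
console.log('hardened, admin     :', hardenedLoadCustomMcp(ADMIN_REQ));
```

The point of the hardened version is that authentication alone would not have been enough: once a feature exists whose purpose is to run commands, the command and its arguments must also be constrained, and the launch must avoid a shell so that argument strings are never re-parsed.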

Exploit · Fix

Weakness Enumeration

RCE · OS Command Injection · Missing Authorization · Missing Authentication

Related Identifiers

BDU:2026-03234
CVE-2025-8943
GHSA-2VV2-3X8X-4GV7

Affected Products

Flowise