PT-2025-40840 · Flowise · Flowise

Life-Team2024

Published

2025-10-03

Updated

2025-10-06

CVE-2025-29192

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.5

Description Flowise has a cross-site scripting (XSS) issue. This occurs through a FORM element and an INPUT element when an administrator views the chat log.

Recommendations Update Flowise to version 3.0.5 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-29192

GHSA-7R4H-VMJ9-WG42

GHSA-WQ95-WR7M-26H4

Affected Products

Flowise

PT-2025-40840 · Flowise · Flowise

CVE-2025-29192

Weakness Enumeration

Related Identifiers

Affected Products

References · 12