PT-2025-41318 · Flowise · Flowise
Xlabaiteam · Published 2025-10-08 · Updated 2025-10-20 · CVE-2025-61913
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Flowise versions prior to 3.0.8
Description
Flowise is a drag-and-drop user interface used to build customized large language model flows. Versions prior to 3.0.8 contain a flaw in the WriteFileTool and ReadFileTool components where file path access is not restricted. This allows authenticated attackers to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. Approximately 12.7k potential targets have been identified. The issue involves unrestricted file path access within the ReadFileTool and WriteFileTool components, enabling attackers to pivot from file access.
Recommendations
Update Flowise to version 3.0.8 or later.
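For deployments that expose file tools to LLM flows, the control the description says was missing is a containment check on the path argument. The following is an added example, not Flowise's code and not the 3.0.8 patch; `resolveInside`, `demo` and the workspace layout are assumptions made for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Resolve userPath inside baseDir; throw if the result would land outside it.
function resolveInside(baseDir, userPath) {
  if (typeof userPath !== 'string' || userPath === '' || userPath.includes('\0')) {
    throw new Error('invalid path');
  }
  const base = fs.realpathSync(baseDir);
  // path.resolve collapses "../" and lets an absolute userPath replace base entirely,
  // so the result has to be checked, not trusted.
  let existing = path.resolve(base, userPath);
  const tail = [];
  // A write target may not exist yet: walk up to the deepest entry that does exist.
  // lstat (not exists) so a dangling symlink counts as existing and fails realpath below.
  while (!fs.lstatSync(existing, { throwIfNoEntry: false })) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  // Canonicalise that entry so a symlink inside the workspace cannot redirect outside.
  const real = path.join(fs.realpathSync(existing), ...tail);
  const rel = path.relative(base, real);
  // rel === '' is the workspace directory itself, which is not a valid file target.
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes workspace');
  }
  return real;
}

// Constructed demo: a temporary workspace holding one symlink that points to its parent.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-'));
  const base = path.join(root, 'workspace');
  fs.mkdirSync(base);
  fs.symlinkSync(root, path.join(base, 'link'));
  const verdict = (p) => {
    try { resolveInside(base, p); return 'allowed'; } catch (e) { return e.message; }
  };
  const inputs = ['notes/out.txt', '../secret.txt', '/etc/passwd', 'link/secret.txt', ''];
  const results = Object.fromEntries(inputs.map((p) => [p, verdict(p)]));
  fs.rmSync(root, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

The check and the subsequent open are separate steps, so this does not cover a workspace where another process can swap in a symlink between them.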
Exploit · Fix · RCE · Path traversal
Affected Products
Flowise