PT-2025-42635 · Flowiseai · Flowise

Published 2025-09-15 · Updated 2025-10-17 · CVE-2025-57164

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Flowise versions through 3.0.4
Description: FlowiseAI is susceptible to remote code execution due to the lack of input sanitization within the "Supabase RPC Filter" component. An authenticated administrator can inject malicious payloads into the supabaseRPCFilter field, leading to the execution of arbitrary server-side code. This is achieved through the use of JavaScript's execSync() function, enabling actions such as launching reverse shells, accessing environment secrets, and executing operating system-level commands. The vulnerable component is located at packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237. Exploitation involves crafting a filter expression to trigger code execution, potentially leading to full server compromise and exposure of sensitive information like the JWT REFRESH TOKEN SECRET. The vulnerability violates the trust boundary between frontend input and backend execution logic, specifically relating to OWASP LLM Top 10 - LLM-06: Sensitive Code Execution.
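The root cause described above is that a user-controlled filter string reaches a JavaScript evaluator. As an added example (not Flowise's own code), the mitigation below accepts only a restricted grammar of chained filter("column", "operator", value) calls and builds the query from the parsed parts, so no string is ever executed. It assumes the builder shape filter(column, op, value) used by LangChain's Supabase integration and PostgREST operator names; makeRecordingRpc is a constructed stand-in for that builder.

```javascript
// Added example, not Flowise's own code: handle a user-supplied filter string
// (such as the supabaseRPCFilter field) by parsing a restricted grammar instead
// of evaluating it as JavaScript. Assumed builder shape: filter(column, op, value)
// as in LangChain's Supabase integration; operator names follow PostgREST.

const ALLOWED_OPS = new Set(['eq', 'neq', 'gt', 'gte', 'lt', 'lte', 'like', 'ilike', 'is', 'in']);

// Exactly one call of the form filter("column", "op", <JSON string | number>).
// The sticky flag makes the match start at lastIndex, so nothing can be skipped over.
const CALL_RE = /filter\(\s*"([A-Za-z0-9_>:-]+)"\s*,\s*"([a-z]+)"\s*,\s*("(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?)\s*\)/y;

// Parse the whole string into [{column, op, value}, ...]; any other character,
// including code placed after or between calls, rejects the entire input.
function parseSupabaseRpcFilter(input) {
  const text = String(input).trim();
  if (text.length === 0 || text.length > 2000) throw new Error('empty or oversized filter');
  const filters = [];
  let pos = 0;
  while (pos < text.length) {
    if (filters.length > 0) {
      if (text[pos] !== '.') throw new Error(`unexpected input at offset ${pos}`);
      pos += 1;
    }
    CALL_RE.lastIndex = pos;
    const m = CALL_RE.exec(text);
    if (m === null) throw new Error(`filter expression rejected at offset ${pos}`);
    const [, column, op, rawValue] = m;
    if (!ALLOWED_OPS.has(op)) throw new Error(`operator not allowed: ${op}`);
    filters.push({ column, op, value: JSON.parse(rawValue) });
    pos = CALL_RE.lastIndex;
  }
  return filters;
}

// Apply parsed filters to a query builder with plain method calls; no string is
// ever handed to eval, new Function, or a child process.
function applyParsedFilter(rpc, filters) {
  return filters.reduce((query, f) => query.filter(f.column, f.op, f.value), rpc);
}

// Minimal stand-in for the builder (constructed for this example) that records calls.
function makeRecordingRpc() {
  const rpc = { calls: [], filter(column, op, value) { rpc.calls.push([column, op, value]); return rpc; } };
  return rpc;
}
```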
Recommendations: Versions prior to 3.0.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2025-57164
GHSA-3G4J-R53P-22WX
GHSA-7944-7C6R-55VV

Affected Products

Flowise