CVE-2025-59527
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-09-23

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. This issue has been patched in version 3.0.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2025-09-23
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59527
EUVD
EUVD-2025-29247
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
flowiseai flowise 3.0.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-59527 is a Server-Side Request Forgery (SSRF) vulnerability in the Flowise application version 3.0.5, specifically in the /api/v1/fetch-links endpoint. This endpoint fetches links from user-supplied URLs without validating or restricting them, allowing attackers to make the Flowise server send requests to internal network services. This lets attackers access and enumerate internal web applications and sensitive endpoints by using the server as a proxy. [1]

Impact Analysis

If your Flowise server is exposed to external traffic, an attacker can exploit this vulnerability to bypass firewall rules, explore internal web services, and retrieve sensitive data such as API keys, user management information, and database configurations. This can lead to data leakage and facilitate lateral movement within your enterprise network, posing a significant security risk. [1]

Compliance Impact

This vulnerability can lead to unauthorized exposure of sensitive data, including credentials and configuration details, which may result in non-compliance with data protection regulations such as GDPR and HIPAA that require safeguarding personal and sensitive information against unauthorized access. [1]

Detection Guidance

This vulnerability can be detected by monitoring or testing the /api/v1/fetch-links endpoint for SSRF behavior. You can attempt to send crafted requests to this endpoint with URLs pointing to internal network services to see if the server fetches them. For example, using curl to test the endpoint: curl -X POST http://<flowise-server>/api/v1/fetch-links -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' -d '{"url":"http://localhost:8080/admin","relativeLinksMethod":"webCrawl"}'. Additionally, network monitoring tools can be used to detect unexpected outbound HTTP requests from the Flowise server to internal IP addresses. Look for HTTP requests originating from the Flowise server to internal IP ranges or sensitive endpoints such as /api/users, /api/secrets, or /api/database. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the Flowise application to version 3.0.6 or later, where this SSRF vulnerability has been patched. Until the upgrade can be performed, restrict external access to the Flowise server to trusted networks only, and implement network-level controls to block the Flowise server from making HTTP requests to internal services. Additionally, monitor and audit the /api/v1/fetch-links endpoint usage for suspicious activity. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59527. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart