CVE-2025-59527
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-09-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flowiseai | flowise | 3.0.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59527 is a Server-Side Request Forgery (SSRF) vulnerability in the Flowise application version 3.0.5, specifically in the /api/v1/fetch-links endpoint. This endpoint fetches links from user-supplied URLs without validating or restricting them, allowing attackers to make the Flowise server send requests to internal network services. This lets attackers access and enumerate internal web applications and sensitive endpoints by using the server as a proxy. [1]
How can this vulnerability impact me? :
If your Flowise server is exposed to external traffic, an attacker can exploit this vulnerability to bypass firewall rules, explore internal web services, and retrieve sensitive data such as API keys, user management information, and database configurations. This can lead to data leakage and facilitate lateral movement within your enterprise network, posing a significant security risk. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to unauthorized exposure of sensitive data, including credentials and configuration details, which may result in non-compliance with data protection regulations such as GDPR and HIPAA that require safeguarding personal and sensitive information against unauthorized access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring or testing the /api/v1/fetch-links endpoint for SSRF behavior. You can attempt to send crafted requests to this endpoint with URLs pointing to internal network services to see if the server fetches them. For example, using curl to test the endpoint: curl -X POST http://<flowise-server>/api/v1/fetch-links -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' -d '{"url":"http://localhost:8080/admin","relativeLinksMethod":"webCrawl"}'. Additionally, network monitoring tools can be used to detect unexpected outbound HTTP requests from the Flowise server to internal IP addresses. Look for HTTP requests originating from the Flowise server to internal IP ranges or sensitive endpoints such as /api/users, /api/secrets, or /api/database. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Flowise application to version 3.0.6 or later, where this SSRF vulnerability has been patched. Until the upgrade can be performed, restrict external access to the Flowise server to trusted networks only, and implement network-level controls to block the Flowise server from making HTTP requests to internal services. Additionally, monitor and audit the /api/v1/fetch-links endpoint usage for suspicious activity. [1]