CVE-2025-34267
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flowiseai | flowise | From 3.0.1 (inc) to 3.0.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34267 is a high-severity authenticated remote code execution vulnerability in Flowise versions from v3.0.1 up to but not including v3.0.8, and in later versions with the 'ALLOW_BUILTIN_DEP' feature enabled. The vulnerability arises from insecure use of Puppeteer and Playwright modules within Flowise's node VM sandbox environment. An authenticated attacker who can create or run tools leveraging these modules can specify malicious browser executable paths and parameters. When executed, these attacker-controlled binaries run on the host system, bypassing sandbox restrictions and allowing arbitrary code execution with host privileges. This enables the attacker to escape the sandbox and execute commands on the host machine. [1, 4]
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to execute arbitrary code on the host system running Flowise, potentially leading to full system compromise. The attacker can bypass sandbox restrictions, run malicious binaries, and gain control over the host environment. This can result in unauthorized access to sensitive data, disruption of services, installation of malware, or further attacks within the network. The impact includes high confidentiality and security integrity risks, with possible low impact on availability and integrity depending on the attacker's actions. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for suspicious API activity related to Flowise endpoints such as POST requests to /api/v1/tools, /api/v1/chatflows, and /api/v1/internal-prediction/{chatflow_id} that create or execute tools leveraging Puppeteer or Playwright with attacker-controlled executable paths. Network detection can focus on unusual outbound connections or reverse shell attempts initiated by these tools. Specific commands to detect exploitation attempts include inspecting Flowise API logs for creation of tools with suspicious 'executablePath' parameters, and using network monitoring tools to detect unexpected outbound connections (e.g., netcat reverse shells). For example, on the host, commands like `grep -r 'executablePath' /path/to/flowise/config` or monitoring network connections with `netstat -tunp | grep flowise` or `ss -tunp | grep flowise` can help identify suspicious activity. Additionally, monitoring POST requests to the vulnerable endpoints via web server logs or API gateway logs can help detect exploitation attempts. [4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Flowise to version 3.0.8 or later where the vulnerability is patched. Additionally, ensure that the environment variable ALLOW_BUILTIN_DEP is not enabled unless absolutely necessary, as disabling it by default prevents unsafe code execution. Review and restrict authenticated user permissions to prevent unauthorized creation or execution of tools leveraging Puppeteer or Playwright. Applying the security update from the merged pull request (#5231) that disables built-in dependencies by default is critical. Also, monitor and audit API usage to detect and block suspicious tool creation or execution. If upgrading immediately is not possible, consider disabling or restricting access to the vulnerable API endpoints and enforcing strict authentication and authorization controls. [2, 4]