CVE-2025-50538
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flowiseai | flowise | to 3.0.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-50538 is a critical stored Cross-Site Scripting (XSS) vulnerability in FlowiseAI versions prior to 2.2.7. It allows an attacker to inject malicious JavaScript code via the chat message input. When an administrator views the chat log using the 'View Messages' button, the injected script executes in the admin's browser. The attack exploits a lack of input sanitization when rendering stored user messages, specifically using an iframe element with embedded JavaScript, enabling the attacker to run arbitrary code in the admin context. [2]
How can this vulnerability impact me? :
This vulnerability can lead to severe impacts including theft of sensitive data such as admin credentials and localStorage contents, potential account takeover, privilege escalation to admin level, and full compromise of the FlowiseAI admin panel. The attacker can remotely execute code in the admin's browser, which may result in loss of confidentiality and integrity of the system. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious or malicious payloads containing iframe elements with srcdoc attributes in chat messages, especially those viewed by admins. You can search stored chat logs or database entries for patterns like '<iframe srcdoc="<script>' to identify potential exploit attempts. Additionally, network monitoring tools can be used to detect outbound requests to unknown or attacker-controlled domains triggered by such scripts. For example, using grep on stored message files or database exports: grep -r '<iframe srcdoc="<script>' /path/to/chat/logs. Also, monitoring browser developer tools or proxy logs for unexpected requests when admins view chat logs can help detect exploitation. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading FlowiseAI to version 2.2.7 or later, where the vulnerability has been patched. If upgrading is not immediately possible, restrict admin access to the chat log viewing feature to trusted users only and avoid viewing untrusted messages. Implement input sanitization or filtering to block iframe and script tags in chat messages. Additionally, monitor and audit admin activity and network traffic for signs of exploitation. Applying the security fixes from the merged pull request that introduces safe HTML rendering components can also mitigate the risk. [1, 2]