CVE-2025-71324
Modified Modified - Updated After Analysis

Arbitrary File Read in Flowise AI Application

Vulnerability report for CVE-2025-71324, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-30

Assigner: VulnCheck

Description

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is evaluated after the storage-directory containment check, allowing path traversal beyond the intended storage directory. Unauthenticated attackers can read sensitive files such as /root/.flowise/database.sqlite, exposing all database content in the default configuration.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-30
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
flowiseai flowise to 3.0.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Flowise versions before 3.0.6 and involves an arbitrary file read issue. It occurs because the chatId parameter in the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints is not properly validated. The chatId value is passed to a function that constructs a file path without properly restricting it to the intended storage directory, allowing path traversal. This means an attacker can manipulate the chatId to access files outside the allowed directory.

Because of this, unauthenticated attackers can read sensitive files on the server, such as the database file located at /root/.flowise/database.sqlite, potentially exposing all database content if the default configuration is used.

Detection Guidance

This vulnerability can be detected by attempting to exploit the arbitrary file read flaw via the vulnerable endpoints using crafted requests that include path traversal sequences in the chatId parameter.

One approach is to send HTTP requests to the endpoints /api/v1/get-upload-file and /api/v1/openai-assistants-file/download with a chatId parameter containing path traversal payloads such as ../../ to try to access sensitive files like /root/.flowise/database.sqlite.

  • Use curl or similar tools to send a request like: curl -v "http://<target>/api/v1/get-upload-file?chatId=../../../../root/.flowise/database.sqlite"
  • Attempt to leak a valid chatflowId (UUID) by sending a malformed request to /api/v1/vector/upsert/ endpoint, which may reveal the UUID in an error message.
  • Once a valid chatflowId is obtained, use it in the vulnerable endpoints to read arbitrary files.
Impact Analysis

This vulnerability can have serious impacts because it allows unauthenticated attackers to read arbitrary files on the server hosting Flowise. This can lead to exposure of sensitive information stored in files such as the database, which may contain confidential data.

The exposure of sensitive files can result in data breaches, loss of confidentiality, and potential further exploitation depending on the contents of the accessed files.

Compliance Impact

The vulnerability allows unauthenticated attackers to read sensitive files such as the database file containing all application data, including API keys. This exposure of sensitive data can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Because the vulnerability results in unauthorized disclosure of confidential data, affected organizations may face compliance risks, including potential legal and financial penalties, if personal or protected health information is exposed.

Mitigation Strategies

The immediate mitigation step is to upgrade Flowise to version 3.0.6 or later, where this arbitrary file read vulnerability has been patched.

Until the upgrade can be applied, restrict access to the vulnerable endpoints (/api/v1/get-upload-file and /api/v1/openai-assistants-file/download) by implementing network-level controls such as firewall rules or API gateway restrictions to prevent unauthenticated access.

Monitor logs for suspicious requests containing path traversal patterns in the chatId parameter and investigate any anomalies.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71324. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart