CVE-2025-71334
Received Received - Intake
Arbitrary File Write in Flowise AI Platform

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: VulnCheck

Description
Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToStorage) to write arbitrary files, and the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints (via streamStorageFile) to read arbitrary files. Arbitrary file write may lead to remote code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2025-71334
EUVD
EUVD-2025-210340
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
flowise flowise to 3.0.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Flowise versions 2.2.8 and earlier before 3.0.6. It is caused by missing validation of the chatflowId and chatId parameters, which should be UUIDs or numbers, in file handling operations.

An unauthenticated attacker can exploit this by supplying a path-traversal value (for example, '../../../../../tmp') as the chatflow id. This allows the attacker to write arbitrary files using the /api/v1/chatflows endpoint and read arbitrary files using the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints.

The ability to write arbitrary files may lead to remote code execution, making this a critical security issue.

Impact Analysis

This vulnerability can have severe impacts including unauthorized reading and writing of files on the affected system.

An attacker can exploit this to execute arbitrary code remotely, potentially taking full control of the system running the vulnerable Flowise version.

Because the attack requires no authentication, it poses a high risk of compromise, data theft, data manipulation, or service disruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71334. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart