CVE-2025-71334
Analyzed Analyzed - Analysis Complete

Arbitrary File Write in Flowise AI Platform

Vulnerability report for CVE-2025-71334, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-01

Assigner: VulnCheck

Description

Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToStorage) to write arbitrary files, and the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints (via streamStorageFile) to read arbitrary files. Arbitrary file write may lead to remote code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-01
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
flowiseai flowise to 3.0.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in Flowise allows unauthenticated attackers to read and write arbitrary files, potentially leading to remote code execution and unauthorized data access.

Such unauthorized access and manipulation of files can result in exposure or alteration of sensitive personal or protected health information, which would violate data protection requirements under standards like GDPR and HIPAA.

Therefore, this vulnerability poses a significant risk to compliance with these regulations by undermining data confidentiality, integrity, and security controls mandated by them.

Executive Summary

This vulnerability exists in Flowise versions 2.2.8 and earlier before 3.0.6. It is caused by missing validation of the chatflowId and chatId parameters, which should be UUIDs or numbers, in file handling operations.

An unauthenticated attacker can exploit this by supplying a path-traversal value (for example, '../../../../../tmp') as the chatflow id. This allows the attacker to write arbitrary files using the /api/v1/chatflows endpoint and read arbitrary files using the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints.

The ability to write arbitrary files may lead to remote code execution, making this a critical security issue.

Impact Analysis

This vulnerability can have severe impacts including unauthorized reading and writing of files on the affected system.

An attacker can exploit this to execute arbitrary code remotely, potentially taking full control of the system running the vulnerable Flowise version.

Because the attack requires no authentication, it poses a high risk of compromise, data theft, data manipulation, or service disruption.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or unauthorized requests to the Flowise API endpoints that handle file operations, specifically /api/v1/chatflows, /api/v1/get-upload-file, and /api/v1/openai-assistants-file/download.

Look for requests where the chatflowId or chatId parameters contain path traversal patterns such as sequences like '../../../../../'. These indicate attempts to exploit the missing validation vulnerability.

Suggested commands to detect exploitation attempts include using network traffic inspection tools or web server logs to search for suspicious API calls. For example, using grep on server logs:

  • grep -E '\.\./|\.\.\\' /path/to/flowise/access.log
  • grep '/api/v1/chatflows' /path/to/flowise/access.log | grep -E 'chatflowId=.*(\.\./|\.\.\\)'
  • grep '/api/v1/get-upload-file' /path/to/flowise/access.log | grep -E 'chatId=.*(\.\./|\.\.\\)'
  • grep '/api/v1/openai-assistants-file/download' /path/to/flowise/access.log | grep -E 'chatflowId=.*(\.\./|\.\.\\)'

Additionally, monitoring for unexpected file writes or reads in the system directories, especially /tmp or other sensitive locations, may help detect exploitation.

Mitigation Strategies

The immediate mitigation step is to upgrade Flowise to version 3.0.6 or later, where this vulnerability has been patched by adding proper validation and sanitization of the chatflowId and chatId parameters.

If upgrading immediately is not possible, consider implementing input validation on the API endpoints to reject any chatflowId or chatId parameters that contain path traversal sequences or are not valid UUIDs or numbers.

Restrict access to the vulnerable API endpoints by network controls or authentication mechanisms to prevent unauthenticated attackers from exploiting the flaw.

Monitor logs for suspicious activity as described previously and remove any unauthorized files that may have been written.

Review and apply the security patches described in the commits that introduce filename sanitization and validation functions to prevent path traversal and arbitrary file access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71334. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart