CVE-2025-71338
Received - Intake
Path Traversal in Flowise AI Application

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: VulnCheck

Description
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.
Meta Information

Published: 2026-06-25

Last Modified: 2026-06-25

Generated: 2026-06-26

AI Q&A: 2026-06-26

EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: flowise

Product: flowise

Version / Range: *

CWE

CWE ID: CWE-73

Description: The product allows user input to control or influence paths or file names that are used in filesystem operations.
Executive Summary

This vulnerability exists in Flowise at the /api/v1/document-store/loader/process endpoint. It is a path traversal flaw that allows unauthenticated attackers to write arbitrary files to the filesystem.

Attackers exploit unsanitized fileName parameters containing ../ sequences to overwrite critical files such as package.json.

By overwriting these files, attackers can achieve remote code execution when the application restarts.

Impact Analysis

This vulnerability can have severe impacts including complete system compromise.

  • Unauthenticated attackers can write arbitrary files to the system.
  • Critical files like package.json can be overwritten.
  • Remote code execution can be achieved when the application restarts, allowing attackers to run malicious code.
  • This can lead to loss of confidentiality, integrity, and availability of the affected system.
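
The CWE-73 pattern described above, shown next to a containment check that rejects it. This is an added example, not Flowise's code or its fix; STORAGE_ROOT, naiveTarget, safeTarget and audit are hypothetical names, and the sample file names are constructed.

```javascript
// Added example, not Flowise source. All names and paths here are hypothetical.
const path = require("node:path");

const STORAGE_ROOT = path.resolve("/srv/app/storage"); // assumed upload directory

// Unsafe pattern: the client-supplied name is joined as-is, so "../" segments
// resolve to a location outside STORAGE_ROOT.
function naiveTarget(fileName) {
  return path.join(STORAGE_ROOT, fileName);
}

// Hardened pattern: accept a bare file name only, then verify containment
// on the fully resolved path before any write happens.
function safeTarget(fileName) {
  if (typeof fileName !== "string" || fileName.length === 0 || fileName.includes("\0")) {
    throw new Error("invalid file name");
  }
  // Treat backslashes as separators so Windows-style names are caught on POSIX hosts too.
  const normalized = fileName.replace(/\\/g, "/");
  const base = path.posix.basename(normalized);
  if (base !== normalized || base === "." || base === "..") {
    throw new Error("file name must not contain path components");
  }
  const target = path.resolve(STORAGE_ROOT, base);
  const rel = path.relative(STORAGE_ROOT, target);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("resolved path escapes storage root");
  }
  return target;
}

// Report, for each candidate name, where the unsafe join lands and whether
// the hardened check accepts it.
function audit(names) {
  return names.map((name) => {
    const naive = naiveTarget(name);
    const escapes = !naive.startsWith(STORAGE_ROOT + path.sep);
    let accepted = true;
    try { safeTarget(name); } catch { accepted = false; }
    return { name, naive, escapes, accepted };
  });
}

// Constructed sample names for illustration.
console.log(audit(["report.pdf", "../package.json", "sub/notes.txt", "..notes.txt"]));
```

The check belongs on the server side of the request handler, before the write, and should be paired with authentication on the endpoint and a storage directory that the application's own files do not live under.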