Critical severity · NVD Advisory · Published Oct 6, 2025 · Updated Oct 6, 2025
CVE-2025-50538
Description
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| flowise (npm) | < 3.0.8 | 3.0.8 |
References
- github.com/advisories/GHSA-964p-j4gg-mhwc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-50538 (ghsa, ADVISORY)
- github.com/FlowiseAI/Flowise/commit/9a06a85a8ddcbaeca1342827a5fea9087a587d97 (ghsa, WEB)
- github.com/FlowiseAI/Flowise/pull/4905 (ghsa, WEB)
- github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5 (ghsa, WEB)
- github.com/FlowiseAI/Flowise/security/advisories/GHSA-964p-j4gg-mhwc (ghsa, WEB)