CVE-2025-57164
Description
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Flowise v3.0.4 and earlier allows unauthenticated remote code execution via unsanitized JavaScript evaluation in the Supabase RPC Filter field.
Vulnerability Overview
CVE-2025-57164 describes a remote code execution (RCE) vulnerability in Flowise, a low-code platform for building AI agents, affecting versions through v3.0.4. The flaw resides in the Supabase vector store component, specifically in the Supabase.ts file at the point where the supabaseRPCFilter user-supplied string is processed. The application directly compiles this string into a JavaScript function without any sanitization, escaping, or sandboxing, allowing arbitrary code to be executed on the server when the node is triggered [1][2].
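The code pattern described above, shown as an added illustration that is not Flowise's own code: a filter string compiled straight into a function (the unsafe class the advisory describes) next to a parser that only accepts an allowlisted chain of `filter(column, op, value)` calls and never evaluates user input. The chained-filter syntax and the builder's `filter` method are assumptions modelled on the supabase-js query builder.

```javascript
// Unsafe pattern (illustration of the class the advisory describes):
// the user-supplied text becomes executable JavaScript with full Node access.
function unsafeCompileFilter(filterText) {
  return new Function('rpc', `return rpc.${filterText};`);
}

// Hardened alternative: treat the field as data, not code.
// Assumed syntax: filter("col", "op", value).filter(...)...
const ALLOWED_OPS = new Set(['eq', 'neq', 'gt', 'gte', 'lt', 'lte', 'like', 'ilike']);
// Column: identifier, optional JSON path segments (-> / ->>), optional cast.
const COLUMN_RE = /^[A-Za-z_][A-Za-z0-9_]*(->>?[A-Za-z0-9_]+)*(::int|::text)?$/;
// One call: quoted column, quoted operator, then a quoted string, number or boolean.
const CALL_RE = /^\.?filter\(\s*"([^"]*)"\s*,\s*"([^"]*)"\s*,\s*("[^"]*"|-?\d+(?:\.\d+)?|true|false)\s*\)/;

function parseRpcFilter(filterText) {
  const clauses = [];
  let rest = filterText.trim();
  while (rest.length > 0) {
    const m = CALL_RE.exec(rest);
    // Anything that is not a well-formed filter call is rejected, so
    // trailing statements or unrelated expressions never reach an evaluator.
    if (!m) throw new Error(`Unparseable filter near: ${rest.slice(0, 20)}`);
    const [, column, op, rawValue] = m;
    if (!COLUMN_RE.test(column)) throw new Error(`Bad column: ${column}`);
    if (!ALLOWED_OPS.has(op)) throw new Error(`Operator not allowed: ${op}`);
    const value = rawValue.startsWith('"') ? rawValue.slice(1, -1) : JSON.parse(rawValue);
    clauses.push({ column, op, value });
    rest = rest.slice(m[0].length).trim();
  }
  return clauses;
}

// Apply the validated clauses to a query builder by calling its methods directly.
function applyRpcFilter(rpc, filterText) {
  return parseRpcFilter(filterText).reduce((q, c) => q.filter(c.column, c.op, c.value), rpc);
}
```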
Exploitation Details
An attacker must first authenticate as an admin user to access the Supabase node configuration. Once authenticated, the attacker can inject a malicious payload into the "Supabase RPC Filter" field. The advisory demonstrates that payloads such as process.mainModule.require("child_process").execSync("id") are executed directly, confirming that OS-level commands can be run, and that environment variables can be leaked by forcing errors that display server-side secrets [2]. The attack surface is limited to authenticated admin users, but there are no network-level prerequisites beyond access to the Flowise web interface.
Impact
Successful exploitation grants the attacker full remote code execution on the underlying server. This can lead to complete server compromise, including the ability to launch reverse shells, exfiltrate sensitive environment variables (e.g., JWT secrets), and perform any OS-level command. The advisory categorizes the impact as a severe breach of trust boundaries between frontend input and backend execution logic [2].
Mitigation
Flowise released version 3.0.6, which includes a fix for this vulnerability. The release notes reference a commit titled "Bugfix/Securely Fetch Links" and other security improvements, though the specific patch for the Supabase RCE is not explicitly listed in the changelog [4]. Users are strongly advised to upgrade to v3.0.6 or later. No workarounds are documented; restricting admin access is a partial mitigation but does not eliminate the risk if an admin account is compromised.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| flowise | npm | >= 3.0.5, < 3.0.6 | 3.0.6 |
Affected products
- Flowise/Flowise
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-7944-7c6r-55vv (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-57164 (GHSA, advisory)
- github.com/FlowiseAI/Flowise/blob/flowise%403.0.5/packages/components/nodes/vectorstores/Supabase/Supabase.ts (GHSA, web)
- github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts (GHSA, web)
- github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6 (GHSA, web)
- github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv (GHSA, web)
News mentions
No linked articles in our index yet.