VYPR
Critical severity · NVD Advisory · Published Oct 8, 2025 · Updated Oct 14, 2025

Flowise is vulnerable to arbitrary file read, arbitrary file write

CVE-2025-61913

Description

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. Flowise 3.0.8 fixes this vulnerability.
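A path containment check of the kind the description says these tools lacked, shown as an added example and not as Flowise's own 3.0.8 patch. The names `resolveInside`, `lexists` and `demo`, the workspace layout and the sample paths are all constructed for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// True if the path itself exists, without following a final symlink.
function lexists(p) {
  try { fs.lstatSync(p); return true; } catch { return false; }
}

// Resolve userPath against baseDir and return its real absolute path, or
// throw if it leaves baseDir through "..", an absolute path or a symlink.
function resolveInside(baseDir, userPath) {
  if (typeof userPath !== "string" || userPath.includes("\0")) {
    throw new Error("invalid path");
  }
  const base = fs.realpathSync(baseDir);
  let existing = path.resolve(base, userPath);
  const tail = [];
  // A write target may not exist yet: walk up to the deepest existing
  // ancestor so its symlinks are resolved before the containment check.
  while (!lexists(existing)) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  // realpathSync throws on a dangling symlink, which rejects it as well.
  const real = path.join(fs.realpathSync(existing), ...tail);
  const rel = path.relative(base, real);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`path escapes workspace: ${userPath}`);
  }
  return real;
}

// Constructed demo: a temp workspace holding one symlink that points outside.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "ws-demo-"));
  const ws = path.join(root, "workspace");
  fs.mkdirSync(path.join(ws, "notes"), { recursive: true });
  fs.mkdirSync(path.join(root, "outside"));
  fs.symlinkSync(path.join(root, "outside"), path.join(ws, "link"));
  const inputs = ["notes/a.txt", "new/dir/b.txt", "../outside/x",
                  "/etc/passwd", "link/x", "notes/../../outside/x"];
  const verdict = (p) => {
    try { resolveInside(ws, p); return "allowed"; } catch { return "blocked"; }
  };
  const out = Object.fromEntries(inputs.map((p) => [p, verdict(p)]));
  fs.rmSync(root, { recursive: true, force: true });
  return out;
}
```

The check and the later file open are separate steps, so this assumes nothing else can replace path components inside the workspace between them.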

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
flowise (npm) | < 3.0.8 | 3.0.8
flowise-components (npm) | < 3.0.8 | 3.0.8
Flowise (npm) | < 3.0.8 | 3.0.8
