Critical severityNVD Advisory· Published Aug 14, 2025· Updated Aug 18, 2025
Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers
CVE-2025-8943
Description
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
flowisenpm | <= 3.0.5 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-2vv2-3x8x-4gv7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-8943ghsaADVISORY
- research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/mitrethird-party-advisory
- research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578ghsaWEB
News mentions
0No linked articles in our index yet.