AI description
CVE-2025-61913 affects Flowise, a drag-and-drop user interface for building customized large language model flows. Specifically, versions prior to 3.0.8 contain a vulnerability in the WriteFileTool and ReadFileTool components. These tools lack restrictions on file path access. Authenticated attackers can exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. The vulnerability exists because the WriteFileTool does not validate the file_path parameter, allowing writing or overwriting any file on the host, including critical configuration files or system binaries. Flowise version 3.0.8 addresses this vulnerability.
- Description: Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. Flowise 3.0.8 fixes this vulnerability.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security-advisories@github.com: CWE-22
- Hype score: Not currently trending
🚨Alert🚨: CVE-2025-61913 (CVSS 10.0): Critical Flowise RCE Flaw Allows Arbitrary File Write 🔥POC: https://t.co/LVmjAD4JgA 📊42.9K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/q2FFmybO8d 👇Query HUNTER: https://t.co/q9rtuGfZuz
@HunterMapping
10 Oct 2025
4314 Impressions
21 Retweets
73 Likes
38 Bookmarks
1 Reply
0 Quotes
CRITICAL 10.0 ALERT: Flowise RCE Flaw (CVE-2025-61913) Allows Attackers Arbitrary File Write and Full System Takeover Read the full report on - https://t.co/A0UvMjHJ50 https://t.co/7mRR9VbQfU
@Iambivash007
9 Oct 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #FlowiseAI: a #PoC is available for exploiting CVE-2025-61913 Risk: 🟠 Type: 🔸 Arbitrary File Write 🔸 Remote Code Execution 🔗 https://t.co/PHZ5Tm6GSW ⚠ It is important to keep systems up to date https://t.co/gINr1DjXSW
@Vulcanux_
9 Oct 2025
33 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-61913: CRITICAL] Flowise 3.0.8 addresses a vulnerability where authenticated attackers could read/write arbitrary files. Update to the latest version to secure your system. #cybersecurity #cve, CVE-2025-61913, #cybersecurity https://t.co/9Sh7qQw5y8 https://t.co/Y80Qlqepgz
@CveFindCom
8 Oct 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes