XSS Vulnerability in Flowise Web Application by FlowiseAI
CVE-2025-29192

8.2HIGH

Key Information:

Vendor: Flowiseai
Status: Flowise
Vendor: CVE Published:; 6 October 2025

What is CVE-2025-29192?

Flowise versions prior to 3.0.5 are susceptible to Cross-Site Scripting (XSS) attacks through form elements, which can be exploited when an administrator views the chat log. This vulnerability allows an attacker to inject malicious scripts that can be executed in the context of the user's browser, potentially compromising sensitive data and application integrity.

Affected Version(s)

Flowise 0 < 3.0.5

References

https://github.com/FlowiseAI/Flowise/pull/4905

https://github.com/FlowiseAI/Flowise/releases/tag/flowise...

https://github.com/FlowiseAI/Flowise/security/advisories/...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Mar 11, 2025

JSON

Flowiseai

What is CVE-2025-29192?

Affected Version(s)

References

CVSS V3.1

Timeline