Remote Code Execution Vulnerability in Flowise by FlowiseAI
CVE-2025-57164

6.5MEDIUM

Key Information:

Vendor: FlowiseAI
Status: Flowise
Vendor: CVE Published:; 17 October 2025

What is CVE-2025-57164?

Flowise version 3.0.4 exhibits a vulnerability that allows attackers to execute arbitrary code remotely through an unsanitized evaluation of user input in the 'Supabase RPC Filter' field. This security flaw can lead to significant risks if exploited, enabling unauthorized access and manipulation of the underlying system. Users and administrators should assess their installations for this issue and apply recommended updates or mitigations to enhance security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/FlowiseAI/Flowise

https://github.com/FlowiseAI/Flowise/blob/main/packages/c...

https://github.com/FlowiseAI/Flowise/security/advisories/...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Aug 17, 2025

JSON

FlowiseAI

What is CVE-2025-57164?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.