File Access Vulnerability in Flowise Drag & Drop Interface
CVE-2025-61913

10CRITICAL

Key Information:

Vendor: Flowiseai
Status: Flowise
Vendor: CVE Published:; 8 October 2025

🔔 Create Flowiseai Vulnerability Alert

What is CVE-2025-61913?

Flowise versions prior to 3.0.8 have a flaw in the WriteFileTool and ReadFileTool, which fails to properly restrict access to file paths. This allows authenticated attackers to read and write arbitrary files on the filesystem, potentially leading to the execution of remote commands. The vulnerability has been addressed in version 3.0.8, which restricts file path access and mitigates the risk.

Affected Version(s)

Flowise < 3.0.8

References

https://github.com/FlowiseAI/Flowise/security/advisories/...

x_refsource_CONFIRM

https://github.com/FlowiseAI/Flowise/security/advisories/...

x_refsource_MISC

https://github.com/FlowiseAI/Flowise/commit/1fb12cd931435...

x_refsource_MISC

CVSS V3.1

Score:

10

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2025
Vulnerability Reserved
Oct 3, 2025

.

CVE-2025-61913 : File Access Vulnerability in Flowise Drag & Drop Interface