Platform: nodejs
Component: flowise
Fixed in: 1.9.8, 2.2.8
CVE-2025-55346 is a critical Remote Code Execution (RCE) vulnerability discovered in Flowise, a Node.js application. This flaw allows malicious actors to execute arbitrary JavaScript code within the host environment, bypassing sandboxing protections. The vulnerability affects versions of Flowise up to and including 2.2.7-patch.1, and a fix is available in version 0.0.1.
The impact of this RCE vulnerability is severe. An attacker can leverage it to gain complete control over the server hosting the Flowise application. This includes the ability to execute arbitrary commands, access sensitive data, install malware, and potentially pivot to other systems on the network. The vulnerability stems from an unsafe implementation of a dynamic Function constructor when handling user-provided input within Custom MCP Chatflows. The provided example configuration in the MCP Server Config acts as a deceptive hint, making exploitation easier. Successful exploitation could lead to data breaches, system compromise, and significant disruption of services.
This vulnerability was publicly disclosed on 2025-10-06. The CVSS score of 9.8 (CRITICAL) reflects the high severity and ease of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's nature suggests that a PoC is likely to emerge. The vulnerability is not currently listed on CISA KEV, but its critical nature warrants close monitoring.
Organizations utilizing Flowise for building conversational AI applications, particularly those with public-facing deployments or those allowing user-defined Chatflows, are at significant risk. Shared hosting environments where multiple users can create and deploy Chatflows are especially vulnerable, as a compromised Chatflow could impact other users on the same server.
• nodejs / server: ps aux | grep -i flowise
• nodejs / server: journalctl -u flowise -f | grep -i "Custom MCP"
• generic web: curl -I <flowise_server_url>/api/v1/node-load-method/customMCP
• generic web: Inspect access logs for requests to /api/v1/node-load-method/customMCP with unusual or suspicious JSON payloads.
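The last check above is the one that needs some tooling. The following Node.js script is an added example, not part of the advisory and not Flowise code: it parses combined-format access-log lines, keeps only requests to the /api/v1/node-load-method/customMCP endpoint named on this page, and summarises them per client address so they can be compared against the users who are expected to edit Chatflows. The log lines and the allowlist of expected client addresses are constructed for the example; request bodies are not in an access log, so the script reports who called the endpoint, how often, and with which status codes rather than inspecting payloads.

```javascript
// Added example (not from the advisory or the Flowise project): summarise
// access-log hits on the Custom MCP node-load endpoint per client address.
const CUSTOM_MCP_PATH = "/api/v1/node-load-method/customMCP";

// Combined/common log format: ip - user [timestamp] "METHOD path HTTP/x" status size
const LINE_RE = /^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // unparseable lines are skipped, not treated as hits
  return {
    ip: m[1],
    user: m[2],
    ts: m[3],
    method: m[4],
    path: m[5],
    status: Number(m[6]),
    size: m[7] === "-" ? 0 : Number(m[7]),
  };
}

// Returns one summary object per client IP that touched the endpoint.
// `expectedClients` is an assumed allowlist of addresses that legitimately
// edit Chatflows; anything else is flagged as `unexpected`.
function findCustomMcpHits(lines, expectedClients = new Set()) {
  const byIp = new Map();
  for (const line of lines) {
    const r = parseLine(line);
    if (!r) continue;
    const path = r.path.split("?")[0]; // ignore query strings when matching
    if (path !== CUSTOM_MCP_PATH) continue;
    const entry = byIp.get(r.ip) ?? {
      ip: r.ip,
      hits: 0,
      posts: 0,
      unexpected: !expectedClients.has(r.ip),
      statuses: new Set(),
    };
    entry.hits += 1;
    if (r.method === "POST") entry.posts += 1;
    entry.statuses.add(r.status);
    byIp.set(r.ip, entry);
  }
  return [...byIp.values()].map((e) => ({
    ...e,
    statuses: [...e.statuses].sort((a, b) => a - b),
  }));
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 - admin [06/Oct/2025:10:01:02 +0000] "POST /api/v1/node-load-method/customMCP HTTP/1.1" 200 512',
  '10.0.0.5 - admin [06/Oct/2025:10:01:09 +0000] "GET /api/v1/chatflows HTTP/1.1" 200 2048',
  '203.0.113.7 - - [06/Oct/2025:10:05:44 +0000] "POST /api/v1/node-load-method/customMCP HTTP/1.1" 200 8731',
  '203.0.113.7 - - [06/Oct/2025:10:05:45 +0000] "POST /api/v1/node-load-method/customMCP?x=1 HTTP/1.1" 500 120',
  "garbage line that does not parse",
];

// Assumed allowlist: only 10.0.0.5 is expected to edit Chatflows.
const EXPECTED_CLIENTS = new Set(["10.0.0.5"]);

for (const h of findCustomMcpHits(SAMPLE_LOG, EXPECTED_CLIENTS)) {
  console.log(
    `${h.ip}: ${h.hits} hit(s), ${h.posts} POST, statuses ${h.statuses.join(",")}` +
      (h.unexpected ? " [NOT an expected client]" : " [expected client]")
  );
}
```

In a real deployment the allowlist would come from the proxy or identity layer rather than a hard-coded set, and the per-IP counts would be fed into whatever alerting is already in place; the point of the script is that a single endpoint path is enough to pull the relevant requests out of ordinary web-server logs.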
EPSS: 0.03% (8th percentile)
The primary mitigation is to immediately upgrade Flowise to version 0.0.1 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /api/v1/node-load-method/customMCP endpoint to trusted users only. Implement strict input validation and sanitization on all user-provided data used in the Custom MCP Chatflows to prevent malicious code injection. Monitor system logs for suspicious activity related to the endpoint or JavaScript execution. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests.
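The advisory attributes the flaw to a dynamic Function constructor applied to user-provided input, and the workaround above asks for strict validation of that input. The following is an added example, not Flowise's code and not its real configuration schema: it shows the hardened shape of that handling, where the MCP server configuration text is never evaluated as JavaScript but parsed as JSON and checked against an assumed allowlisted structure (a single "mcpServers" object whose entries carry only "command", "args", "env" or "url"). The sample inputs are constructed.

```javascript
// Added example (not from the advisory or the Flowise project): strict parsing
// of a user-supplied MCP server configuration without evaluating it as code.
//
// Unsafe pattern, shown only for contrast and never to be used on user input:
//   const cfg = new Function("return " + userText)();
// Anything inside userText runs with the privileges of the Node.js process.

// ASSUMED schema for this example; Flowise's real field layout may differ.
const ALLOWED_SERVER_KEYS = new Set(["command", "args", "env", "url"]);
// Own properties with these names are rejected to rule out prototype pollution.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const SERVER_NAME_RE = /^[A-Za-z0-9_-]{1,64}$/;

class ConfigError extends Error {}

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

function validateServer(name, srv) {
  if (!isPlainObject(srv)) throw new ConfigError(`server "${name}" must be an object`);
  for (const key of Object.keys(srv)) {
    if (FORBIDDEN_KEYS.has(key)) throw new ConfigError(`server "${name}": key "${key}" is not allowed`);
    if (!ALLOWED_SERVER_KEYS.has(key)) throw new ConfigError(`server "${name}": unknown key "${key}"`);
  }
  if (srv.command !== undefined && typeof srv.command !== "string")
    throw new ConfigError(`server "${name}": "command" must be a string`);
  if (srv.url !== undefined && typeof srv.url !== "string")
    throw new ConfigError(`server "${name}": "url" must be a string`);
  if (srv.command === undefined && srv.url === undefined)
    throw new ConfigError(`server "${name}" needs "command" or "url"`);
  if (srv.args !== undefined && !(Array.isArray(srv.args) && srv.args.every((a) => typeof a === "string")))
    throw new ConfigError(`server "${name}": "args" must be an array of strings`);
  if (srv.env !== undefined) {
    const okEnv =
      isPlainObject(srv.env) &&
      Object.entries(srv.env).every(([k, v]) => !FORBIDDEN_KEYS.has(k) && typeof v === "string");
    if (!okEnv) throw new ConfigError(`server "${name}": "env" must map strings to strings`);
  }
}

// Parses and validates the configuration text. Throws ConfigError on any
// input that is not plain JSON of the expected shape; never evaluates it.
function parseMcpConfig(text, maxBytes = 64 * 1024) {
  if (typeof text !== "string") throw new ConfigError("config must be a string");
  if (Buffer.byteLength(text, "utf8") > maxBytes) throw new ConfigError("config too large");
  let cfg;
  try {
    cfg = JSON.parse(text); // data-only parser: no code execution path
  } catch (e) {
    throw new ConfigError(`config is not valid JSON: ${e.message}`);
  }
  if (!isPlainObject(cfg)) throw new ConfigError("config must be a JSON object");
  const keys = Object.keys(cfg);
  if (keys.length !== 1 || keys[0] !== "mcpServers")
    throw new ConfigError('config must contain exactly one key, "mcpServers"');
  if (!isPlainObject(cfg.mcpServers)) throw new ConfigError('"mcpServers" must be an object');
  for (const [name, srv] of Object.entries(cfg.mcpServers)) {
    if (FORBIDDEN_KEYS.has(name) || !SERVER_NAME_RE.test(name))
      throw new ConfigError(`invalid server name "${name}"`);
    validateServer(name, srv);
  }
  return cfg;
}

// Constructed inputs for the example.
const GOOD_CONFIG = JSON.stringify({
  mcpServers: { files: { command: "npx", args: ["-y", "some-mcp-server"], env: { LOG_LEVEL: "info" } } },
});
const NOT_JSON = "(() => 1)()"; // JavaScript, not JSON: rejected before anything runs
const EXTRA_KEY = '{"mcpServers":{"x":{"command":"a","exec":"b"}}}';
const PROTO_KEY = '{"mcpServers":{"x":{"command":"a","__proto__":{"polluted":true}}}}';

for (const [label, input] of [["good", GOOD_CONFIG], ["not json", NOT_JSON], ["extra key", EXTRA_KEY], ["__proto__", PROTO_KEY]]) {
  try {
    parseMcpConfig(input);
    console.log(`${label}: accepted`);
  } catch (e) {
    console.log(`${label}: rejected (${e.message})`);
  }
}
```

The size cap, the single-key check and the server-name pattern are all defensive choices of this example rather than anything the advisory specifies; what matters is that the parser is JSON.parse, so a configuration string can only ever become data, and that every key the data carries is checked against an allowlist before the object is used.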
Update to a patched version that fixes the Remote Code Execution vulnerability. Further details and a patched version can be found in the JFrog security advisory. If no patched version is available, disable or remove the component until a fix is released.
CVE-2025-55346 is a critical Remote Code Execution vulnerability in Flowise versions up to 2.2.7-patch.1, allowing attackers to execute arbitrary code on the server.
If you are running Flowise version 2.2.7-patch.1 or earlier, you are vulnerable to this RCE vulnerability.
Upgrade Flowise to version 0.0.1 or later to resolve this vulnerability. Implement temporary mitigations if immediate upgrade is not possible.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest active exploitation is possible.
Refer to the Flowise project's official channels (website, GitHub repository) for the latest advisory and security updates.