Plattform
nodejs
Komponente
flowise
Behoben in
3.0.6
3.0.6
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Flowise, specifically within the /api/v1/fetch-links endpoint. This flaw allows attackers to leverage the Flowise server as a proxy, potentially gaining access to internal network resources and sensitive administrative interfaces. The vulnerability impacts Flowise versions up to 3.0.5, and a fix is available in version 3.0.6.
The SSRF vulnerability in Flowise allows an attacker to craft malicious requests that are executed by the Flowise server. Because the server acts as a proxy, the attacker can bypass network restrictions and access internal web services that would normally be inaccessible from the outside. This could include sensitive administrative panels, internal APIs, or other resources that contain confidential data. The potential impact extends to information disclosure, unauthorized access to internal systems, and potentially even the execution of arbitrary code if vulnerable internal services are exposed. Exploitation could reveal internal network topology and expose vulnerabilities in other internal systems.
This vulnerability was publicly disclosed on 2025-09-15. No public proof-of-concept (PoC) code has been released at the time of writing, but the SSRF nature of the vulnerability makes it relatively easy to exploit. The vulnerability is not currently listed on CISA KEV, and the EPSS score is pending evaluation. Given the ease of exploitation and potential impact, organizations should prioritize patching.
Organizations deploying Flowise in environments with internal web services or APIs are at risk. Shared hosting environments where Flowise instances share the same network infrastructure are particularly vulnerable, as an attacker could potentially pivot from a compromised Flowise instance to other internal services. Legacy Flowise configurations that haven't been regularly updated are also at increased risk.
• nodejs: Monitor process execution for unusual outbound network connections originating from the Flowise process. Use ps aux | grep flowise to identify the process and then netstat -anp | grep <flowise_pid> to check connections.
• generic web: Examine access logs for requests to /api/v1/fetch-links with unusual or internal IP addresses in the URL. Use grep '/api/v1/fetch-links' access.log | grep <internal_ip>.
• generic web: Check response headers for signs of internal resource exposure. Look for headers that reveal internal server information or redirect to internal services.
disclosure
Exploit-Status
EPSS
0.13% (32% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-59527 is to upgrade Flowise to version 3.0.6 or later, which contains the fix for the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting outbound network access from the Flowise server to only necessary domains. Implement a Web Application Firewall (WAF) with rules to block requests to the /api/v1/fetch-links endpoint or filter requests based on URL patterns that could indicate SSRF exploitation. Monitor Flowise server logs for unusual outbound requests or connections to unexpected internal resources.
Aktualisieren Sie Flowise auf Version 3.0.6 oder höher. Diese Version enthält eine Korrektur für die SSRF Vulnerabilität im /api/v1/fetch-links Endpoint. Das Update verhindert, dass Angreifer Ihren Server als Proxy verwenden, um auf interne Netzwerkdienste zuzugreifen.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-59527 is a Server-Side Request Forgery (SSRF) vulnerability in Flowise versions up to 3.0.5, allowing attackers to use the server as a proxy to access internal resources.
You are affected if you are running Flowise version 3.0.5 or earlier. Upgrade to 3.0.6 or later to mitigate the risk.
Upgrade Flowise to version 3.0.6 or later. As a temporary workaround, restrict outbound network access or implement WAF rules.
While no active exploitation has been publicly confirmed, the SSRF nature of the vulnerability makes it easily exploitable, so proactive patching is recommended.
Refer to the Flowise project's official security advisories and release notes for details on this vulnerability and the fix.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.