CVE-2025-59527
📋 TL;DR
This Server-Side Request Forgery (SSRF) vulnerability in Flowise 3.0.5 lets an attacker make the application server fetch attacker-chosen URLs through the /api/v1/fetch-links endpoint, turning the server into a proxy for reaching internal network services and enumerating the links those services expose. Attackers can potentially reach internal web services that should not be externally accessible. All users running Flowise 3.0.5 are affected; the fix ships in 3.0.6.
💻 Affected Systems
- Flowise
📦 What is this software?
Flowise by Flowiseai
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains access to sensitive internal services, extracts credentials or data from internal systems, or performs lateral movement within the network.
Likely Case
Attacker maps internal network structure, accesses internal APIs or web services, and potentially retrieves information from internal systems.
If Mitigated
Limited to reconnaissance of internal network structure without data exfiltration if proper network segmentation and access controls are in place.
🎯 Exploit Status
No public exploit is referenced on this page. SSRF of this kind (an endpoint that fetches an attacker-supplied URL without restricting the destination) is a straightforward implementation flaw and is routinely exploited with nothing more than an HTTP client, so treat exploitation as easy.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.6
Vendor Advisory: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m
Restart Required: Yes
Instructions:
1. Stop the Flowise service.
2. Update to version 3.0.6 using npm: npm install -g flowise@3.0.6
3. Restart the Flowise service.
🔧 Temporary Workarounds
Disable vulnerable endpoint
Block access to the /api/v1/fetch-links endpoint at the web server or firewall level
# For nginx: location /api/v1/fetch-links { deny all; }
# For Apache: <Location /api/v1/fetch-links> Require all denied </Location>
Network segmentation
Restrict the Flowise server's outbound network access to only required services
# Use firewall rules to block outbound connections from the Flowise host to internal address ranges
# (RFC 1918, link-local including cloud metadata). Dropping all outbound 80/443 would also break the
# LLM and tool API calls Flowise needs, so add ACCEPT rules for those destinations ahead of these DROPs.
# Example iptables:
iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -d 169.254.0.0/16 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Flowise server from internal network resources
- Deploy a web application firewall (WAF) with SSRF protection rules
🔍 How to Verify
Check if Vulnerable:
Check whether the installed version is 3.0.5 and, on a non-production copy, test whether /api/v1/fetch-links will fetch a URL pointing at a destination that should be unreachable from the outside (loopback, an RFC 1918 address, or the cloud metadata address 169.254.169.254). Try the numeric and IPv6-mapped spellings of the same address as well, since naive blocklists often catch only the dotted form.
Check Version:
flowise --version
Verify Fix Applied:
Confirm version is 3.0.6 or higher and test that /api/v1/fetch-links endpoint properly validates URLs
📡 Detection & Monitoring
Log Indicators:
- Unusual requests to /api/v1/fetch-links with internal IP addresses or localhost URLs
- Multiple failed outbound connection attempts from Flowise server
Network Indicators:
- Outbound connections from Flowise server to internal IP ranges on ports 80/443
- Unusual traffic patterns from Flowise server to internal services
SIEM Query (illustrative pseudo-syntax; adapt to your platform):
source="flowise" AND (url="/api/v1/fetch-links" AND (url_contains="localhost" OR url_contains="127.0.0.1" OR url_contains="192.168." OR url_contains="10." OR url_contains="172.16."))
Match on the decoded url query parameter rather than the raw request line. Plain substring matching misses alternate encodings of the same address (decimal 2130706433, hex 0x7f000001, IPv4-mapped IPv6 ::ffff:7f00:1), "172.16." covers only 172.16/16 of the 172.16/12 block, and "10." also matches 110.x; where the platform allows it, parse the address and compare it against the private ranges instead.
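The following is an added example and not Flowise's own code or fix. It serves two passages above: the "Verify Fix Applied" step (what "properly validates URLs" has to cover, and the probe URLs a tester would feed the endpoint) and the SIEM query (applying the same destination check to logged requests instead of substring matching). It assumes the endpoint receives the target in a query parameter named url and that access logs carry a timestamp, method, path and status; both are assumptions, and the log lines are constructed here.

```javascript
// Added example (not Flowise's code): a destination check for an SSRF-prone
// "fetch this URL" endpoint, plus a log scan that applies the same check to
// requests logged against /api/v1/fetch-links. The query parameter name `url`
// and the log line format below are assumptions for illustration.

// True for IPv4 ranges a server-side fetcher should never be pointed at.
function isBlockedIPv4(octets) {
  const [a, b] = octets;
  return (
    a === 0 ||                            // 0.0.0.0/8
    a === 10 ||                           // 10.0.0.0/8
    a === 127 ||                          // 127.0.0.0/8 loopback
    (a === 169 && b === 254) ||           // 169.254.0.0/16 link-local, cloud metadata
    (a === 172 && b >= 16 && b <= 31) ||  // 172.16.0.0/12
    (a === 192 && b === 168) ||           // 192.168.0.0/16
    (a === 100 && (b & 0xc0) === 64) ||   // 100.64.0.0/10 CGNAT
    a >= 224                              // multicast and reserved
  );
}

// Expand an IPv6 literal (with or without "::" and an embedded IPv4 tail)
// into eight 16-bit groups; returns null if the literal is malformed.
function expandIPv6(ip) {
  const v4 = ip.match(/^(.*:)(\d+\.\d+\.\d+\.\d+)$/);
  if (v4) {
    const [a, b, c, d] = v4[2].split('.').map(Number);
    ip = v4[1] + ((a << 8) | b).toString(16) + ':' + ((c << 8) | d).toString(16);
  }
  const halves = ip.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...Array(missing).fill('0'), ...tail]
    .map((g) => (/^[0-9a-f]{1,4}$/i.test(g) ? parseInt(g, 16) : NaN));
  return groups.some(Number.isNaN) ? null : groups;
}

function isBlockedIPv6(ip) {
  const g = expandIPv6(ip);
  if (!g) return true;                                  // unparsable: fail closed
  const leadingZero = g.slice(0, 5).every((x) => x === 0);
  if (leadingZero && g[5] === 0xffff)                   // ::ffff:a.b.c.d, IPv4-mapped
    return isBlockedIPv4([g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff]);
  if (leadingZero && g[5] === 0 && g[6] === 0) return g[7] <= 1; // :: and ::1
  return (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80; // fc00::/7, fe80::/10
}

// Decide whether an address string (IPv4 or IPv6, e.g. from DNS) is off-limits.
function isBlockedAddress(addr) {
  const m = addr.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  return m ? isBlockedIPv4(m.slice(1).map(Number)) : isBlockedIPv6(addr);
}

// Endpoint-side check. `resolvedAddresses` is what your DNS lookup returned for
// the hostname; pass it so a public name that resolves to 10.x is refused too,
// and then connect only to the addresses you checked (avoids DNS rebinding).
function checkFetchTarget(rawUrl, resolvedAddresses = []) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparsable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:')
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  // WHATWG parsing already normalised 2130706433, 0x7f.1 and 127.1 to dotted form.
  const host = url.hostname;
  if (host === 'localhost' || host.endsWith('.localhost'))
    return { ok: false, reason: 'localhost' };
  if (host.startsWith('[') && isBlockedIPv6(host.slice(1, -1)))
    return { ok: false, reason: `literal ${host} is in a blocked range` };
  if (/^\d+(\.\d+){3}$/.test(host) && isBlockedAddress(host))
    return { ok: false, reason: `literal ${host} is in a blocked range` };
  const bad = resolvedAddresses.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `${host} resolves to blocked address ${bad}` };
  return { ok: true, reason: 'ok' };
}

// Constructed sample access-log lines (not real Flowise logs): time, method, path, status.
const SAMPLE_LOG = [
  '2025-10-01T12:00:01Z GET /api/v1/fetch-links?url=https%3A%2F%2Fexample.com%2Fdocs&limit=10 200',
  '2025-10-01T12:00:02Z GET /api/v1/fetch-links?url=http%3A%2F%2F2130706433%3A3000%2F&limit=10 200',
  '2025-10-01T12:00:03Z GET /api/v1/fetch-links?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F 200',
  '2025-10-01T12:00:04Z GET /api/v1/fetch-links?url=http%3A%2F%2F%5B%3A%3Affff%3A7f00%3A1%5D%2F 200',
  '2025-10-01T12:00:05Z GET /api/v1/chatflows 200',
];

// Flag fetch-links requests whose decoded `url` parameter targets a blocked destination.
function findSsrfAttempts(lines) {
  const hits = [];
  for (const line of lines) {
    const m = line.match(/^(\S+) (\S+) (\S+) (\d{3})$/);
    if (!m) continue;
    const req = new URL(m[3], 'http://flowise.invalid'); // base only so the path parses
    if (req.pathname !== '/api/v1/fetch-links') continue;
    const target = req.searchParams.get('url');
    if (target === null) continue;
    const verdict = checkFetchTarget(target);
    if (!verdict.ok) hits.push({ time: m[1], target, reason: verdict.reason });
  }
  return hits;
}
```

Of the four fetch-links requests in the constructed log, the scan flags three (decimal loopback, cloud metadata, IPv4-mapped IPv6 loopback) that the substring query above would miss or only partly catch; the plain example.com request passes. The same checkFetchTarget function is what a hardened endpoint would run before fetching, with the DNS answer passed in.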
🔗 References
- https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478
- https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24
- https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18
- https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m