CVE-2025-61687
📋 TL;DR
FlowiseAI version 3.0.7 contains an arbitrary file upload vulnerability in its attachments feature: authenticated users can upload files of any type and name, and the server stores them without validating extension, MIME type or content. An attacker holding a valid session or API key can therefore place a Node.js web shell or other malicious file on the server, which can lead to remote code execution if that file is later executed or served. The vulnerability affects all systems running FlowiseAI 3.0.7 with the attachments/upload functionality enabled.
💻 Affected Systems
- FlowiseAI (Flowise) version 3.0.7
📦 What is this software?
Flowise by FlowiseAI: an open-source, low-code platform for building LLM agents and chat flows. The affected component is the server's attachments (file upload) module.
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution, data exfiltration, lateral movement, and persistent backdoor installation.
Likely Case
Unauthorized file storage leading to web shell deployment, enabling future command execution if the shell is triggered via other vulnerabilities or misconfigurations.
If Mitigated
File uploads are restricted to an allowlist of expected types and stored under server-chosen names, so malicious files are never written to disk and the RCE vector is removed.
🎯 Exploit Status
Exploitation requires an authenticated session or API key with access to the attachments endpoint; once that is obtained, uploading a crafted file is a single HTTP request. The vulnerable code paths are identified precisely in the references below (storageUtils.ts and the attachments route, controller, service and createAttachment.ts), so no reverse engineering is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: None available
Restart Required: Yes
Instructions:
1. Monitor FlowiseAI GitHub repository for security updates
2. Apply patch when available
3. Restart FlowiseAI service after patching
🔧 Temporary Workarounds
Disable file upload functionality
- Temporarily disable the attachments/upload feature in the FlowiseAI configuration
- Modify the FlowiseAI configuration to disable the attachments module
Implement web application firewall rules
- Block file uploads with suspicious extensions or content patterns
- Configure the WAF to block uploads of .js, .node and .ts files and suspicious MIME types; also cover the other Node module extensions (.mjs, .cjs) and match extensions case-insensitively, since a denylist that misses one variant gives no protection. An allowlist of the few file types the chat feature actually needs is the more robust rule.
🧯 If You Can't Patch
- Implement strict file upload validation (extension allowlist, MIME check against content, size limit, server-chosen storage names) at the reverse proxy/load balancer level
- Restrict network access to FlowiseAI instances, enforce strong authentication, and limit the attachments feature to the users who need it; the vulnerability is reachable only with valid credentials, so credential and API key hygiene directly limits exposure
🔍 How to Verify
Check if Vulnerable:
Confirm the instance runs FlowiseAI 3.0.7 and that the attachments upload endpoint is enabled; the code paths that accept files without validation are the ones listed in the references (storageUtils.ts and the attachments route, controller, service and createAttachment.ts)
Check Version:
Check the version field in the server's package.json, or query the version endpoint if your deployment exposes one
Verify Fix Applied:
Upload a harmless probe file with a blocked extension (for example a .js file containing only a comment) and confirm the server rejects it; run this against a test instance you are authorised to test, and never upload a real web shell
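An added TypeScript example of that verification step, not taken from the page or the Flowise project: it builds the probe request and classifies the server's answer. The endpoint path `/api/v1/attachments/<chatflowId>/<chatId>`, the multipart field name `files`, Bearer-token authentication and the response body shape are assumptions; confirm them against the route and controller files linked in the references before sending anything, and only against an instance you are authorised to test.

```typescript
// Added example, not Flowise code. Builds a harmless probe upload and interprets the response.
// Endpoint path, field name "files" and Bearer auth are assumptions (check the referenced route file).

const PROBE_FILENAME = 'cve-2025-61687-probe.js';
// Harmless content: a comment only, never an actual web shell. Storage of a .js part is the
// evidence we need; nothing has to execute.
const PROBE_CONTENT = `// upload-validation probe ${new Date().toISOString()}\n`;

interface ProbeRequest { url: string; headers: Record<string, string>; body: string }

function buildProbeRequest(baseUrl: string, chatflowId: string, chatId: string, bearer: string,
                           boundary = 'probe7f3a9c1e'): ProbeRequest {
  const body =
    `--${boundary}\r\n` +
    `Content-Disposition: form-data; name="files"; filename="${PROBE_FILENAME}"\r\n` +
    `Content-Type: text/plain\r\n\r\n` +
    PROBE_CONTENT +
    `\r\n--${boundary}--\r\n`;
  return {
    url: `${baseUrl.replace(/\/$/, '')}/api/v1/attachments/${chatflowId}/${chatId}`, // assumed path
    headers: {
      Authorization: `Bearer ${bearer}`, // assumed auth scheme
      'Content-Type': `multipart/form-data; boundary=${boundary}`,
    },
    body,
  };
}

type Outcome = 'vulnerable' | 'validated' | 'inconclusive';

function classifyProbeResponse(status: number, responseBody: string): { outcome: Outcome; why: string } {
  if (status === 401 || status === 403) {
    return { outcome: 'inconclusive', why: 'not authenticated/authorised; the probe never reached the upload handler' };
  }
  if (status === 404) {
    return { outcome: 'inconclusive', why: 'endpoint not found; check the path against the referenced route file' };
  }
  if (status >= 200 && status < 300) {
    // A 2xx means no extension check refused the .js part, which is the condition the advisory describes.
    const echoed = responseBody.includes(PROBE_FILENAME);
    return { outcome: 'vulnerable', why: echoed ? 'accepted and echoed the .js filename' : 'accepted the .js upload' };
  }
  if (status === 400 || status === 415 || status === 422) {
    return { outcome: 'validated', why: `upload rejected with HTTP ${status}` };
  }
  return { outcome: 'inconclusive', why: `unexpected status ${status}; inspect the response` };
}
```

Send the returned url, headers and body with any HTTP client (curl, fetch), then pass the status code and body text to classifyProbeResponse. After the probe, delete the stored file from the instance's storage location whatever the result.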
📡 Detection & Monitoring
Log Indicators:
- File uploads with .js, .mjs, .cjs, .ts or .node extensions (the .node extension is a native addon that executes code when loaded)
- HTTP requests to unexpected endpoints or paths inside upload/storage directories
- Stored attachments whose names contain path separators or double extensions, or whose declared MIME type does not match the extension
Network Indicators:
- POST requests to upload endpoints with suspicious file content
- Unusual outbound connections from FlowiseAI server
SIEM Query:
source="flowise" AND event="file_upload" AND (file_extension="js" OR file_extension="mjs" OR file_extension="cjs" OR file_extension="node" OR file_extension="ts")
The field names above are illustrative; map them to whatever your Flowise or reverse-proxy logging actually emits.
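The detection rules behind the indicators and the SIEM query above, run over constructed upload-event log lines, as an added TypeScript example (not Flowise code, and the log lines are made up, not real Flowise output). The JSON field names event, user, filename, mimeType and bytes are assumptions standing in for your own logging schema; the rules go a little beyond the query by also flagging double extensions, path separators in filenames, MIME/extension mismatches and per-user upload bursts.

```typescript
// Added example, not Flowise code: detection rules over constructed upload-event log lines.
// Field names in the JSON events are assumptions; adapt them to your logging schema.

const SCRIPT_EXTS = new Set(['js', 'mjs', 'cjs', 'ts', 'node']); // Node module formats and native addons

const EXPECTED_MIME: Record<string, string[]> = {
  pdf: ['application/pdf'], png: ['image/png'], jpg: ['image/jpeg'], jpeg: ['image/jpeg'],
  txt: ['text/plain'], csv: ['text/csv', 'text/plain'],
};

interface UploadEvent { ts: string; event: string; user: string; filename: string; mimeType?: string; bytes?: number }
interface Alert { ts: string; user: string; filename: string; rule: string }

function parseLine(line: string): UploadEvent | null {
  try {
    const o = JSON.parse(line);
    return o && o.event === 'file_upload' && typeof o.filename === 'string' ? (o as UploadEvent) : null;
  } catch {
    return null; // malformed lines are skipped, not fatal
  }
}

// All extensions after the first dot, lower-cased: "notes.pdf.js" -> ["pdf", "js"]
function extensions(name: string): string[] {
  const base = name.split(/[\\/]/).pop() ?? '';
  const parts = base.toLowerCase().split('.');
  return parts.length > 1 ? parts.slice(1) : [];
}

function detectSuspiciousUploads(lines: string[], burstThreshold = 5): Alert[] {
  const alerts: Alert[] = [];
  const perUser = new Map<string, number>();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;
    const exts = extensions(e.filename);
    const last = exts[exts.length - 1];
    const mime = (e.mimeType ?? '').toLowerCase();
    const flag = (rule: string) => alerts.push({ ts: e.ts, user: e.user, filename: e.filename, rule });

    if (/\.\.|[\\/]/.test(e.filename)) flag('path-traversal-in-filename');
    if (exts.some((x) => SCRIPT_EXTS.has(x))) flag('script-extension'); // catches shell.js and shell.js.txt
    if (exts.length > 1) flag('double-extension');
    if (last && EXPECTED_MIME[last] && !EXPECTED_MIME[last].includes(mime)) flag('mime-extension-mismatch');
    const n = (perUser.get(e.user) ?? 0) + 1; // simple per-user volume rule
    perUser.set(e.user, n);
    if (n === burstThreshold) flag(`upload-burst>=${burstThreshold}`);
  }
  return alerts;
}

// Constructed sample log lines for demonstration (not real Flowise output).
const SAMPLE_LOG: string[] = [
  '{"ts":"2025-10-02T09:00:01Z","event":"file_upload","user":"alice","filename":"q3-report.pdf","mimeType":"application/pdf","bytes":48213}',
  '{"ts":"2025-10-02T09:00:09Z","event":"file_upload","user":"mallory","filename":"shell.js","mimeType":"text/plain","bytes":812}',
  '{"ts":"2025-10-02T09:00:12Z","event":"file_upload","user":"mallory","filename":"notes.pdf.js","mimeType":"application/pdf","bytes":640}',
  '{"ts":"2025-10-02T09:00:15Z","event":"file_upload","user":"mallory","filename":"../../../app/hook.node","mimeType":"application/octet-stream","bytes":20480}',
  '{"ts":"2025-10-02T09:00:20Z","event":"file_upload","user":"bob","filename":"photo.png","mimeType":"application/pdf","bytes":9000}',
  'not json at all',
  '{"ts":"2025-10-02T09:00:25Z","event":"login","user":"bob"}',
];
```

Running detectSuspiciousUploads(SAMPLE_LOG) yields six alerts: three script-extension hits for mallory, a double-extension and a path-traversal hit for mallory, and a MIME mismatch for bob; alice's PDF produces none. Lower burstThreshold to 3 and mallory's third upload also raises a burst alert.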
🔗 References
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L1104-L1111
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L170-L175
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/components/src/storageUtils.ts#L533-L541
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/controllers/attachments/index.ts#L4-L11
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/routes/attachments/index.ts#L8
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/services/attachments/index.ts#L7-L16
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/createAttachment.ts#L118-L126
- https://github.com/FlowiseAI/Flowise/blob/d29db16bfcf9a4be8febc3d19d52263e8c3d0055/packages/server/src/utils/index.ts#L1950-L1954
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc