CNNVD-202509-1796 Information

CNNVD ID

CNNVD-202509-1796

CVE-2025-58434

  • CNNVD Published: 2025-09-12

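Description (translated from Chinese)

Flowise is an open-source tool from FlowiseAI for easily building LLM applications. Flowise 3.0.5 and earlier contain an access control error vulnerability. It arises because the forgot-password endpoint returns a password reset token without verification, which can lead to account takeover.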

Description (English)

Flowise is an open-source tool for easily building LLM applications. Flowise 3.0.5 and earlier versions have an access control error vulnerability, which stems from the forgot-password endpoint returning a password reset token without authentication and could lead to account takeover.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Flute

Published

2025-09-12

Last Modified

2026-02-24

References

  • https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wgpv-6j63-x5ph
  • https://github.com/FlowiseAI/Flowise/commit/9e178d68873eb876073846433a596590d3d9c863
  • https://cxsecurity.com/issue/WLB-2025110001
  • https://access.redhat.com/security/cve/cve-2025-58434
