CNNVD-202509-3232 Information

CNNVD ID

CNNVD-202509-3232

CVE-2025-59434

  • CNNVD Published: 2025-09-22

Description (Chinese)

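Flowise is a tool open-sourced by FlowiseAI for easily building LLM applications. Flowise has an access control error vulnerability, which stems from improper access control in the custom JavaScript Function node and may lead to cross-tenant data disclosure.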

Description (English)

Flowise is an open-source tool for easily building LLM applications. Flowise has an access control vulnerability that stems from improper access control in the custom JavaScript Function node, which may lead to disclosure of data across tenants.

Hazard Level

Low

Vulnerability Type

Access control error

Affected Vendor

Flute

Published

2025-09-22

Last Modified

2026-02-24

References

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-435c-mg9p-fv22

https://access.redhat.com/security/cve/cve-2025-59434

Patch

https://github.com/FlowiseAI/Flowise/releases
