CNNVD-202510-1108 Information

CNNVD ID

CNNVD-202510-1108

CVE-2025-61913

  • CNNVD Published: 2025-10-08

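Description (translated from Chinese)

Flowise is an open-source tool from FlowiseAI for easily building LLM applications. Versions of Flowise before 3.0.8 have a path traversal vulnerability. It arises because WriteFileTool and ReadFileTool do not restrict file path access, which may lead to arbitrary file read and write and to remote command execution.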

Description (English)

Flowise is an open-source tool from FlowiseAI for easily building LLM applications. Flowise versions prior to 3.0.8 contain a path traversal vulnerability, which stems from the fact that WriteFileTool and ReadFileTool do not restrict access to file paths, and which may lead to arbitrary file read and write and remote command execution.

Hazard Level

High

Vulnerability Type

Path Traversal

Affected Vendor

FlowiseAI

Published

2025-10-08

Last Modified

2026-02-24

References

  • https://github.com/FlowiseAI/Flowise/commit/1fb12cd93143592a18995f63b781d25b354d48a3
  • https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.8
  • https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j44m-5v8f-gc9c
  • https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jv9m-vf54-chjj

Patch

https://github.com/FlowiseAI/Flowise/releases
