CNNVD-202510-1753 Information
CNNVD ID
CNNVD-202510-1753
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
Flowise是FlowiseAI开源的一个用于轻松构建 LLM 应用程序的工具。 Flowise存在安全漏洞,该漏洞源于nodevm执行环境中集成模块使用不当,可能导致经过身份验证的攻击者绕过沙箱限制并执行任意代码。
Description (English)
Flowise is an open-source tool for easy construction of LLM applications. Flowise has a security loophole, which stems from the improper use of integrated modules in the implementation environment of Nodevm, which may lead to identified assailants circumventing sandbox restrictions and enforcing random codes.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
FlowiseAI
Published
2025-10-14
Last Modified
2026-02-24
References
https://github.com/FlowiseAI/Flowise/pull/5231 https://flowiseai.com/ https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5w3r-f6gm-c25w https://www.vulncheck.com/advisories/flowise-auth-command-execution-and-sandbox-bypass-via-puppeteer-and-playwright-packages https://access.redhat.com/security/cve/cve-2025-34267