CNNVD-202510-2480 Information

CNNVD ID

CNNVD-202510-2480

CVE-2025-57164

  • CNNVD Published: 2025-10-17

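Description (translated from Chinese)

Flowise is an open-source tool from FlowiseAI for easily building LLM applications. Flowise 3.0.4 and earlier contain a security vulnerability caused by the Supabase RPC Filter field not sanitizing and escaping user input, which may lead to remote code execution.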

Description (English)

Flowise is an open-source tool for easily building LLM applications. Flowise 3.0.4 and earlier versions contain a security vulnerability: the Supabase RPC Filter field does not sanitize and escape user input, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

FlowiseAI

Published

2025-10-17

Last Modified

2026-02-24

References

  • https://github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237
  • https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv
  • https://access.redhat.com/security/cve/cve-2025-57164

Patch

https://github.com/FlowiseAI/Flowise/releases
