CVE-2025-55346 Information

Description

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host by sending a simple POST request.

Reference

https://research.jfrog.com/vulnerabilities/flowise-js-injection-remote-code-exection-jfsa-2025-001379925/

CNNVD-202508-1513 (Published: 2025-08-14)
