Home > Vulnerability Database > CVE-2025-29189

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2025-29189

Good to know:

Date: April 8, 2025

Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.

Severity Score

7.6

Related Resources (6)

Url: https://github.com/FlowiseAI/Flowise

Url: https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing

Url: https://github.com/FlowiseAI/Flowise/pull/3818

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-29189

Url: https://github.com/FlowiseAI/Flowise/commit/9a417bdc95f58d6dd92cbf60dad42414aba34754

Url: https://www.mend.io/vulnerability-database/CVE-2025-29189

Severity Score

7.6

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version flowise-components - 2.2.4

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Do you need more information?

Contact Us