Home > Vulnerability Database > CVE-2025-57164

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2025-57164

Good to know:

Date: October 16, 2025

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.

Severity Score

6.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57164

Url: https://github.com/FlowiseAI/Flowise

Url: https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6

Url: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv

Url: https://github.com/FlowiseAI/Flowise/blob/flowise%403.0.5/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237

Url: https://github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237

Url: https://www.mend.io/vulnerability-database/CVE-2025-57164

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version flowise - 3.0.6

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Do you need more information?

Contact Us