Home > Vulnerability Database > CVE-2025-61913

Mend.io Vulnerability Database

CVE-2025-61913

Good to know:

Date: October 8, 2025

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. Flowise 3.0.8 fixes this vulnerability.

Severity Score

9.9

Related Resources (8)

Url: https://github.com/FlowiseAI/Flowise

Url: https://github.com/FlowiseAI/Flowise/pull/5275

Url: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j44m-5v8f-gc9c

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61913

Url: https://github.com/FlowiseAI/Flowise/commit/1fb12cd93143592a18995f63b781d25b354d48a3

Url: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jv9m-vf54-chjj

Url: https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.8

Url: https://www.mend.io/vulnerability-database/CVE-2025-61913

Severity Score

9.9

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version flowise - 3.0.8;flowise - 3.0.8;flowise-components - 3.0.8;https://github.com/FlowiseAI/Flowise.git - flowise@3.0.8

Learn More

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61913

Good to know:

Date: October 8, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?