CRITICAL 9.8 npm

Flowise OS command remote code execution

GHSA-2vv2-3x8x-4gv7 · CVE-2025-8943

Published · Modified

Description

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.
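The advisory's exposure condition combines two facts: the installed Flowise version and whether authentication was explicitly configured. The following script is an added example (not part of the advisory and not Flowise project code) that encodes that condition as a check a defender can run against inventory data; the environment variable names `FLOWISE_USERNAME` and `FLOWISE_PASSWORD` are an assumption about how basic auth was enabled in older releases, and the sample inputs are constructed.

```python
"""Added example: decide whether a Flowise deployment is exposed to
CVE-2025-8943 (GHSA-2vv2-3x8x-4gv7).  Per the advisory, versions before
3.0.1 run without authentication unless it is explicitly configured,
and the Custom MCPs feature then executes OS commands for anyone who
can reach the service."""

import re
from typing import Mapping, Optional, Tuple

# Fix version stated in the advisory.
FIXED_VERSION = (3, 0, 1)

# ASSUMPTION: names of the env vars that enabled basic auth in older
# Flowise releases.  Adjust to match the deployment's actual config.
AUTH_ENV_VARS = ("FLOWISE_USERNAME", "FLOWISE_PASSWORD")

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for strings like '2.2.7' or 'v3.0.1-rc1'.
    Pre-release suffixes are ignored; anything else returns None."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(version: str) -> bool:
    """True when the version is older than the fixed release 3.0.1."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return parsed < FIXED_VERSION


def auth_configured(env: Mapping[str, str]) -> bool:
    """True only when every assumed auth variable is set and non-empty."""
    return all(env.get(name, "").strip() for name in AUTH_ENV_VARS)


def assess(version: str, env: Mapping[str, str]) -> dict:
    """Combine version and auth state into an exposure verdict.

    'exposed' is the advisory's worst case: vulnerable version and no
    authentication, i.e. unauthenticated OS command execution.  Auth on
    an old version lowers exposure but, as the advisory notes, there is
    no RBAC, so upgrading is still the only complete fix."""
    vuln_version = is_vulnerable_version(version)
    has_auth = auth_configured(env)
    exposed = vuln_version and not has_auth
    if not vuln_version:
        action = "none: version includes the fix"
    elif has_auth:
        action = "upgrade to >= 3.0.1; auth limits but does not remove risk (no RBAC)"
    else:
        action = "urgent: upgrade to >= 3.0.1 and configure authentication"
    return {
        "version": version,
        "vulnerable_version": vuln_version,
        "auth_configured": has_auth,
        "exposed": exposed,
        "action": action,
    }


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, version, env subset).
    inventory = [
        ("flowise-dev", "2.2.8", {}),
        ("flowise-stage", "3.0.0", {"FLOWISE_USERNAME": "admin",
                                    "FLOWISE_PASSWORD": "placeholder"}),
        ("flowise-prod", "3.0.1", {}),
    ]
    for host, ver, env in inventory:
        verdict = assess(ver, env)
        print(f"{host:14} {ver:7} exposed={verdict['exposed']!s:5} {verdict['action']}")
```

Run it against real data by feeding the version reported by `npm ls flowise` (or the container image tag) and the service's environment; any host where `exposed` is true should be treated as an unauthenticated remote code execution path until it is upgraded.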
