CVE-2025-26319
Published: 04 March 2025
Summary
CVE-2025-26319 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Flowiseai Flowise. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105); ranked in the top 0.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint, tracked as CVE-2025-26319 and assigned CWE-434. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation with low attack complexity and no required privileges or user interaction.
An unauthenticated attacker can send crafted requests to the affected endpoint to upload arbitrary files, resulting in full compromise of confidentiality, integrity, and availability on the target system. The published references consist of GitHub repositories that document the issue but provide no official patch or mitigation guidance.
The associated EPSS score stands at 0.8771 with a recorded peak of 0.8921, indicating sustained high exploitation probability since disclosure. Flowise is an open-source LLM orchestration platform, placing the vulnerability in an AI-adjacent development environment.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6168
Vulnerability details
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: flowise
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file upload in /api/v1/attachments enables exploitation of public-facing application (T1190), ingress of tools/malware (T1105), and deployment of web shells (T1505.003) for execution and persistence.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of the specific arbitrary file upload flaw in Flowise's /api/v1/attachments endpoint.
Mandates validation of file inputs at the /api/v1/attachments endpoint to reject dangerous file types and prevent unrestricted uploads.
Enforces authentication and authorization on the unauthenticated /api/v1/attachments endpoint to block remote attacker access.