CVE-2025-61687
Published: 06 October 2025
Summary
CVE-2025-61687 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Flowiseai Flowise. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 49.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly addresses the core vulnerability by requiring validation of file extensions, MIME types, and content during uploads to prevent arbitrary malicious file storage.
- Enforces restrictions on dangerous file types at input points, blocking uploads of Node.js web shells and similar executable scripts.
- Scans for and blocks malicious code like persistent Node.js web shells during or after upload, mitigating RCE risk even if validation is incomplete.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file upload without validation enables ingress of Node.js web shells (T1105, T1100) for persistent remote access and JavaScript-based RCE (T1059.007).
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). The system fails to validate file extensions, MIME types, or file content during uploads. As a result, malicious scripts such as Node.js-based web shells can be uploaded and stored persistently on the server. These shells expose HTTP endpoints capable of executing arbitrary commands if triggered. The uploaded shell does not automatically execute, but its presence allows future exploitation via administrator error or chained vulnerabilities. This presents a high-severity threat to system integrity and confidentiality. As of time of publication, no known patched versions are available.
Deeper analysis
CVE-2025-61687 is a file upload vulnerability in version 3.0.7 of FlowiseAI, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. The issue stems from inadequate validation during file uploads, as the system fails to check file extensions, MIME types, or file content. This allows authenticated users to upload arbitrary files, including malicious Node.js web shells, which are persistently stored on the server. The vulnerability is rated high severity with a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
Authenticated attackers with low privileges can exploit this vulnerability remotely and with low complexity to upload Node.js-based web shells via the affected upload endpoints. These shells persist on the server and expose HTTP endpoints capable of executing arbitrary commands if triggered, such as through administrator error or chained vulnerabilities. While the uploaded files do not auto-execute, successful triggering leads to remote code execution (RCE), resulting in high impacts to integrity and availability, with low confidentiality impact.
No patched versions of FlowiseAI were available as of the CVE's publication on 2025-10-06T16:15:35.223. The vulnerable code is exposed in the FlowiseAI GitHub repository, specifically in packages/components/src/storageUtils.ts (lines 1104-1111, 170-175, and 533-541) and packages/server/src/controllers/attachments/index.ts (lines 4-11) and packages/server/src/routes/attachments/index.ts (line 8). Practitioners should audit these locations, restrict upload permissions, and implement comprehensive file validation until official fixes are released.
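The mitigations above (SI-10 input validation) and the audit advice in this analysis both come down to checking the three things the vulnerable code skips: extension, declared MIME type, and content. The following TypeScript validator is an added example, not Flowise's own upload handler; the `Upload` shape, the allowlist and the magic-byte checks are assumptions chosen to illustrate an allowlist-first design.

```typescript
import * as path from "path";

// Assumed shape of a parsed multipart upload (hypothetical, not Flowise's own type)
interface Upload { filename: string; mimetype: string; data: Buffer }

// Assumed allowlist: only these extensions, each bound to the MIME types it may
// declare and a check on its leading bytes. Anything not listed (.js, .ts, .mjs,
// .sh, ...) is refused by default instead of being chased with a denylist.
const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const ALLOWED: Record<string, { mimes: string[]; magic: (b: Buffer) => boolean }> = {
  ".pdf": { mimes: ["application/pdf"], magic: (b) => b.subarray(0, 5).toString("latin1") === "%PDF-" },
  ".png": { mimes: ["image/png"], magic: (b) => b.subarray(0, 8).equals(PNG_MAGIC) },
  // Plain text has no magic number; at least refuse binaries posing as text
  ".txt": { mimes: ["text/plain"], magic: (b) => !b.subarray(0, 512).includes(0) },
};

// Returns { ok: true } only when file name, declared type and content all agree.
function validateUpload(u: Upload): { ok: boolean; reason?: string } {
  const base = path.basename(u.filename);
  // Reject names carrying path components (../shell.js) and dotfiles (.env, .npmrc)
  if (base.length === 0 || base !== u.filename || base.startsWith(".")) {
    return { ok: false, reason: "path component or dotfile in name" };
  }
  // extname keeps only the last suffix, so shell.txt.js is judged as .js and refused
  const ext = path.extname(base).toLowerCase();
  const rule = ALLOWED[ext];
  if (!rule) return { ok: false, reason: `extension ${ext || "(none)"} not allowlisted` };
  if (!rule.mimes.includes(u.mimetype.toLowerCase())) {
    return { ok: false, reason: "declared MIME type does not match extension" };
  }
  // The content check catches a script renamed to an allowed extension with a
  // matching Content-Type header, which extension and MIME checks alone accept
  if (u.data.length === 0 || !rule.magic(u.data)) {
    return { ok: false, reason: "content does not match extension" };
  }
  return { ok: true };
}
```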
Details
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
- Affected Products: FlowiseAI Flowise 3.0.7
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Flowise is a drag & drop user interface platform for building customized large language model (LLM) flows, fitting as an AI platform for LLM orchestration and deployment.