CVE-2025-61913
Published: 08 October 2025
Summary
CVE-2025-61913 is a critical-severity Path Traversal (CWE-22) vulnerability in Flowiseai Flowise. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 26.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Validates file path inputs to WriteFileTool and ReadFileTool, directly preventing path traversal exploitation for arbitrary file read/write.
Enforces approved access control policies on file operations within Flowise tools, blocking unauthorized access to arbitrary filesystem paths.
Limits the Flowise process to the minimum privileges it needs, so that a path traversal reaching critical files is less likely to escalate to remote command execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file read enables T1005 (Data from Local System). The public-facing web app vulnerability maps to T1190 (Exploit Public-Facing Application). Arbitrary file write facilitates T1505.003 (Web Shell) for RCE and persistence.
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. Flowise 3.0.8 fixes this vulnerability.
Deeper analysis
CVE-2025-61913 is a path traversal vulnerability (CWE-22) affecting the WriteFileTool and ReadFileTool components in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. Versions of Flowise prior to 3.0.8 fail to restrict file path access in these tools, enabling unauthorized file operations. The vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact exploitation.
Authenticated attackers with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows reading and writing arbitrary files to any path on the file system, which can lead to remote command execution by targeting critical system files or scripts.
Flowise addressed this issue in version 3.0.8, as detailed in the project's security advisories (GHSA-j44m-5v8f-gc9c and GHSA-jv9m-vf54-chjj) and the fixing commit (1fb12cd93143592a18995f63b781d25b354d48a3). Security practitioners should update to Flowise 3.0.8 or later to mitigate the risk, per the release notes.
This vulnerability is particularly relevant in AI/ML environments, as Flowise is designed for LLM workflow orchestration, potentially exposing deployments handling sensitive model data or configurations to filesystem compromise. No public evidence of real-world exploitation has been reported as of the CVE publication on 2025-10-08.
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Flowise is a drag-and-drop UI platform for building customized large language model (LLM) flows, fitting as an 'Other Platforms' category for AI workflow and orchestration tools.