Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-71338

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 44.9%
CVSS Severity
CVSS v3 Score 10.0


Contact Us

Shodan ® - All rights reserved